Virtual Try-On
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily instructional, providing clear documentation on how to interact with the each::sense API using standard tools like curl.
- [DATA_EXPOSURE]: The skill correctly instructs users to use an environment variable (
$EACHLABS_API_KEY) for authentication rather than hardcoding credentials, which is a standard security best practice. - [COMMAND_EXECUTION]: While the skill contains bash examples using curl, these are provided as documentation for the user or agent to interact with the vendor's API endpoint (https://sense.eachlabs.run/chat) and do not involve suspicious or unauthorized local command execution.
- [INDIRECT_PROMPT_INJECTION]: The skill includes an ingestion point for untrusted data via the
image_urlsparameter. This is a known attack surface for multi-modal models; however, since this is the primary functionality of the virtual try-on service and is handled by the vendor's cloud API, the risk to the local environment is minimal. - [EXTERNAL_DOWNLOADS]: All external references and API endpoints point to the vendor's own infrastructure (eachlabs.run) or well-known placeholder domains (example.com), which are considered safe in the context of this skill.
Audit Metadata