Skills
skills/fal-ai-community/skills/fal-generate/Gen Agent Trust Hub

fal-generate

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The scripts feature a --add-fal-key option that prompts for or accepts an API key and saves it to a local .env file. This is an intentional configuration mechanism for the tool, but users should note that the key is stored in plaintext on disk.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to fal.ai, fal.run, and fal.media to fetch model metadata, submit generation jobs, and retrieve results. These are official vendor domains associated with the skill's author.
  • [COMMAND_EXECUTION]: The skill executes local shell scripts that use standard system utilities like curl for API interaction and python3 for processing JSON responses. These executions are scoped to the skill's intended functionality.
  • [DATA_EXFILTRATION]: The skill includes functionality to upload local images, videos, and audio files to the fal.ai CDN. This behavior is clearly documented and is a prerequisite for image-to-video and other multi-modal generation tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 01:20 AM