fal-image-edit

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • Command Execution (HIGH): The script scripts/edit-image.sh is vulnerable to arbitrary command injection. It builds the API payload with an unquoted heredoc (cat <<EOF). Because the heredoc delimiter is not quoted, the shell performs parameter expansion and command substitution on the heredoc body, which includes the variables $PROMPT, $IMAGE_URL, and $MASK_URL. An attacker who controls one of these inputs could supply a value such as $(touch /tmp/pwned), which the shell would execute while the script runs.
  • Dynamic Code Loading (MEDIUM): The script runs source .env to load the API key. Although this pattern is common, it executes any code placed in the .env file with the privileges of the script. That is a risk if the environment is shared or if another vulnerability allows writing to the .env file.
  • Data Integrity/Injection (LOW): The script does not escape double quotes in user inputs before inserting them into the JSON payload. This permits JSON injection, letting an attacker alter the structure of the request sent to the fal.ai API, although this is secondary to the command injection risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 04:59 PM