Skills
skills/fal-ai-community/skills/fal-realtime/Gen Agent Trust Hub

fal-realtime

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFEDATA_EXFILTRATIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The realtime.sh script sends user prompts and the FAL_KEY to the vendor's API at https://fal.run/. This is a necessary operation for the skill to function and targets a known service domain.
  • [CREDENTIALS_UNSAFE]: The skill provides a utility to store API keys in a local .env file using the --add-fal-key argument. It later sources this file to obtain the FAL_KEY. This is a standard method for local secret management and does not contain hardcoded credentials in the source code.
  • [COMMAND_EXECUTION]: The script executes curl to make HTTP requests and jq to parse the resulting JSON data. These are expected and legitimate uses of system utilities.
  • [PROMPT_INJECTION]: The script is susceptible to indirect prompt injection because it constructs JSON payloads by directly interpolating the --prompt argument into a string.
  • Ingestion points: The --prompt argument in scripts/realtime.sh accepts untrusted user input.
  • Boundary markers: No delimiters or safety instructions are used to isolate the prompt within the JSON structure.
  • Capability inventory: The script performs network operations via curl and data parsing via jq.
  • Sanitization: There is no escaping or validation of the prompt string before it is used to build the JSON payload, which could allow a malicious user to break out of the JSON string and inject additional fields.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 08:01 PM