fal-restore
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a bash script to perform restoration tasks and references a separate local script for model searching.
- [DATA_EXFILTRATION]: The script transmits image URLs and the FAL_KEY to the vendor's API domain at https://fal.run. This is the intended functionality of the skill for processing images via the fal.ai service.
- [CREDENTIALS_UNSAFE]: The --add-fal-key flag writes the user-provided API key into a local .env file. While this stores the credential in plain text, it is presented as a configuration utility rather than a hardcoded secret.
- [PROMPT_INJECTION]: The script has an indirect injection surface because it interpolates the --image-url argument directly into a JSON string without escaping. This could allow for schema confusion if a malformed URL containing double quotes is provided.
Audit Metadata