fal-vision

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The scripts/analyze.sh script is vulnerable to indirect prompt injection through schema confusion.
      • Ingestion points: The --image-url and --query arguments in scripts/analyze.sh accept untrusted external data.
      • Boundary markers: None; the script lacks delimiters or instructions to ignore embedded commands within the input strings.
      • Capability inventory: The script performs network operations using curl to interact with the fal.ai API.
      • Sanitization: Absent; inputs are directly interpolated into a JSON payload string (e.g., PAYLOAD="{\"image_url\": \"$IMAGE_URL\"}"), which allows an attacker to manipulate the JSON structure if the input contains unescaped double quotes.
  • [COMMAND_EXECUTION]: The skill executes a local bash script that utilizes system utilities such as curl and jq. Additionally, the script's --add-fal-key functionality writes sensitive API keys to a local .env file in plaintext, which is a suboptimal security practice for credential management.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 08:01 PM