fal-workflow
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The shell script located at scripts/create-workflow.sh executes a Python interpreter using a heredoc (python3 << PYTHON_EOF) and directly interpolates the shell variable $NODES into the Python script body.
- [REMOTE_CODE_EXECUTION]: The interpolation in scripts/create-workflow.sh uses triple single quotes: nodes = json.loads('''$NODES'''). If a user provides input for the --nodes parameter that contains triple single quotes ('''), they can escape the Python string literal and execute arbitrary Python code on the host system. Example exploit: '''); import os; os.system('ls'); #.
Audit Metadata