fal-workflow
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The script scripts/create-workflow.sh is vulnerable to a Python injection attack. In the script, the shell variable $NODES is directly interpolated into a triple-quoted Python string (nodes = json.loads('''$NODES''')). An attacker can provide a payload containing triple quotes (''') to escape the string literal and execute arbitrary Python commands on the host system.
- [COMMAND_EXECUTION] (HIGH): The skill instructs the AI agent to execute a local bash script (/mnt/skills/user/fal-workflow/scripts/create-workflow.sh) using arguments derived from user input. Because the script lacks input sanitization or safe parsing mechanisms for these arguments, it creates a direct path for the execution of malicious payloads.
- [COMMAND_EXECUTION] (MEDIUM): The script scripts/create-workflow.sh also demonstrates unsafe JSON construction. It uses a bash heredoc to interpolate shell variables ($NAME, $TITLE, $DESCRIPTION) directly into a JSON template. This allows an attacker to inject additional JSON fields or corrupt the structure of the generated workflow file.
Recommendations
- AI detected serious security threats
Audit Metadata