fal-music
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts with the FAL.ai API via queue.fal.run to perform text-to-audio generation. All network communication is directed to well-known service endpoints associated with the skill's primary function.
- [CREDENTIALS_UNSAFE]: The skill handles API keys using standard practices. It supports environment variables (FAL_KEY) and local JSON storage. In the cmd_config function, the script explicitly applies chmod 600 to the configuration file, ensuring that sensitive credentials are only readable by the owner.
- [DATA_EXFILTRATION]: The code includes a lookup for a sibling directory (../fal-video-skill/config.json) to share an API key between related tools. This cross-skill access is documented and serves a functional purpose for a suite of AI tools from the same developer without exfiltrating data to unknown third parties.
- [COMMAND_EXECUTION]: The tool performs standard file system operations and network requests using the requests library. These actions are scoped to the intended use case of downloading and saving generated audio files to a local output directory.
- [PROMPT_INJECTION]: The skill processes user-supplied text prompts for music generation. To mitigate indirect risks, it implements a sanitize_filename function that uses regex to strip potentially dangerous characters from the prompt before using it as a filename for generated content.
Audit Metadata