Skills
skills/ilkerzg/agent-skills/fal-3d/Gen Agent Trust Hub

fal-3d

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The scripts/generate-3d.sh script demonstrates a surface for indirect prompt injection by constructing JSON payloads through direct string concatenation of user-supplied arguments.\n
  • Ingestion points: The --prompt, --image-url, and --param arguments in scripts/generate-3d.sh which are likely to contain user-provided content.\n
  • Boundary markers: Absent; the script does not employ delimiters or instructions to the receiving API to treat the content as untrusted.\n
  • Capability inventory: The script performs network requests via curl to https://queue.fal.run.\n
  • Sanitization: None; the script interpolates shell variables directly into a JSON string template without escaping double quotes, which could allow an attacker to escape the intended field and inject additional JSON keys.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 05:08 PM