fal-generate

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH

COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE

Full Analysis
  • [COMMAND_EXECUTION]: The generate.sh script uses unquoted heredocs (cat <<EOF) to build JSON payloads. This results in the shell expanding any command substitutions found within the $PROMPT and $IMAGE_URL variables. An attacker can exploit this to execute arbitrary commands on the host machine by providing a malicious prompt or URL string.
  • [COMMAND_EXECUTION]: The scripts generate.sh, get-schema.sh, search-models.sh, and upload.sh include logic to save a FAL_KEY to a .env file, which is subsequently loaded using the source command. Since the input is not validated, this provides a mechanism for persistent command injection if a malicious string is stored in the environment file.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via JSON structure manipulation (Category 8). The prompt is interpolated into a JSON string without escaping, allowing for the injection of additional JSON fields.
      • Ingestion points: The --prompt and --image-url arguments in scripts/generate.sh.
      • Boundary markers: None; the variables are directly placed inside a JSON template.
      • Capability inventory: The script performs network requests via curl and file operations.
      • Sanitization: Absent; there is no escaping of double quotes or shell-special characters.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to fal.ai, fal.run, and fal.media for its core functionality. These are recognized as legitimate service endpoints for the AI model generation tasks.
  • [CREDENTIALS_UNSAFE]: The skill implements a persistent credential storage mechanism by saving the user's API key in plaintext within a .env file.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 6, 2026, 08:57 AM