fal-platform
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Retrieves model pricing, usage data, and request metadata from the official fal.ai API (
api.fal.ai). These requests are necessary for the skill's functionality and target a well-known technology service. - [COMMAND_EXECUTION]: Employs
curlto perform API operations andpython3to parse the resulting JSON data. - User-provided inputs, such as model identifiers, are sanitized using URL encoding.
- Data is passed to Python logic using positional arguments, ensuring that external content is treated as data rather than executable code.
- [CREDENTIALS_UNSAFE]: Includes a setup utility (
setup.sh) for managing theFAL_KEYcredential. The key is stored in a local.envfile, which is a standard pattern for local tools. The script includes basic validation of the key's format and does not contain hardcoded secrets. - [SAFE]: No malicious patterns, such as prompt injection, obfuscation, or unauthorized data exfiltration, were detected. The skill's behavior is consistent with its stated purpose of assisting with fal.ai platform management.
Audit Metadata