Skills
skills/ilkerzg/agent-skills/fal-video-edit/Gen Agent Trust Hub

fal-video-edit

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill interacts exclusively with official API endpoints at fal.run, which is the established domain for the fal.ai service.
  • [SAFE]: Secret management is handled correctly by sourcing credentials from .env files rather than using hardcoded keys. The --add-fal-key command provides a safe path for users to initialize their credentials.
  • [DATA_EXFILTRATION]: The scripts transmit the user-provided FAL_KEY to the processing queue to authenticate API requests. This is the expected and necessary behavior for the skill's functionality and does not constitute unauthorized exfiltration.
  • [COMMAND_EXECUTION]: Shell scripts use standard curl and jq commands to process video editing requests. User-provided inputs such as prompts and URLs are used to construct the API payload via string interpolation. While this can result in malformed JSON if the input contains unescaped double quotes, it does not present a path for local code execution or privilege escalation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 05:08 PM