fal-workflow
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill metadata identifies the author as 'fal-ai', which contradicts the verified author context 'ilkerzg'. This deceptive metadata can lead to an incorrect assessment of the skill's safety and origin.
- [COMMAND_EXECUTION]: The script 'scripts/create-workflow.sh' dynamically generates a Python script using shell variable interpolation ($NODES) within a triple-quoted string. This pattern is vulnerable to arbitrary code execution if the input contains the triple-quote sequence (''').
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by translating untrusted natural language into complex AI workflows.
  - Ingestion points: User intent provided during workflow generation requests in SKILL.md.
  - Boundary markers: Absent; there are no instructions to the agent to ignore directives within user-provided descriptions.
  - Capability inventory: Subprocess execution via create-workflow.sh and multiple external AI model API integrations.
  - Sanitization: Absent; the shell script performs no escaping or validation of the interpolated variables.
Audit Metadata