kling
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted data through the Kling video generation models.
- Ingestion points: External data enters the context via the
image_urlparameter and user-suppliedpromptinputs for the Kling models. - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the provided templates.
- Capability inventory: The skill facilitates network-based API calls to the fal.ai platform to process video generation requests.
- Sanitization: There are no explicit sanitization or validation mechanisms mentioned for external content prior to model interpolation.
- [EXTERNAL_DOWNLOADS]: The skill downloads and processes image data from external URLs specified in the
image_urlparameter. While necessary for the stated functionality, this involves fetching data from remote sources. - [DATA_EXFILTRATION]: The skill provides instructions for managing secrets via the
FAL_KEYenvironment variable. This is documented as standard secret management practice for authenticating with the fal.ai service.
Audit Metadata