Skills
skills/refly-ai/refly-skills/fal-video/Gen Agent Trust Hub

fal-video

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill has an indirect prompt injection surface where untrusted user input influences data processed by shell commands with high-privilege file system access.
  • Ingestion points: Ingestion of input_image and motion_prompt variables defined in SKILL.md.
  • Boundary markers: Absent; there are no delimiters or instructions to isolate user-provided content.
  • Capability inventory: Includes refly file download for writing to the user's desktop and the open command for process execution.
  • Sanitization: Absent; the FILE_NAME variable is used in shell commands without validation or escaping.
  • [COMMAND_EXECUTION] (MEDIUM): The skill provides automated shell scripts that interact with the local filesystem and launch applications, creating a risk if the workflow output is compromised.
  • [DATA_EXFILTRATION] (LOW): The skill makes network requests to refly.ai via its CLI, which is a non-whitelisted domain.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:37 AM