fal-ai-model-search

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill implements an indirect prompt injection surface by fetching documentation from fal.ai and using it to guide project code modification.
    * Ingestion points: The workflow in Step 2 fetches model details from various subpaths of https://fal.ai/models/.
    * Boundary markers: No delimiters or safety instructions are provided to ensure the agent ignores embedded instructions in the fetched data.
    * Capability inventory: Step 3 explicitly empowers the agent to integrate the model by following patterns in the documentation, which involves writing or modifying code.
    * Sanitization: No sanitization or validation of the fetched patterns is requested before application.
  • [Remote Code Execution] (HIGH): While no direct shell scripts are executed, the agent's capability to modify the codebase based on unverified remote content effectively creates a remote code execution pathway if the documentation source is poisoned.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:23 AM