fal-api
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill documentation describes a workflow where user-supplied prompts are passed to AI models via the fal.ai API. This represents a vulnerability surface for indirect prompt injection. Ingestion points: prompt parameter described in SKILL.md. Boundary markers: None identified. Capability inventory: Submits requests to remote AI endpoints (fal.ai) for media generation. Sanitization: No input validation or sanitization mechanisms are described.
- [NO_CODE]: The skill documentation references a Python script (fal_api.py) and a module (FalAPI) that are not provided in the analyzed file set.
Audit Metadata