The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/create-workflow.sh contains a command injection vulnerability. It uses unquoted shell variables ($OUTPUTS) inside a heredoc and interpolates the $NODES variable directly into a Python string literal (nodes = json.loads('''$NODES''')). A maliciously crafted input could break out of these structures to execute arbitrary shell commands or Python code on the host system. While the agent is the primary user of these scripts, this flaw represents a significant security risk if the agent is influenced by untrusted external data.\n- [EXTERNAL_DOWNLOADS]: The skill uses curl to interact with official fal.ai endpoints, including api.fal.ai, fal.run, queue.fal.run, and rest.alpha.fal.ai. These are well-known domains for the service and are documented as the intended communication targets for the skill's functionality.\n- [DATA_EXFILTRATION]: The scripts/upload.sh and scripts/generate.sh scripts are designed to read local files provided by the user and upload them to the fal.ai CDN (v3.fal.media). While this is a core feature for processing local images or videos, it involves transmitting local data to an external cloud service.

fal