fal-ai-image

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes POSIX-compliant shell scripts (generate.sh, edit.sh, upload.sh) to interface with the fal.ai API. These scripts use standard system utilities like curl, sed, and grep. Basic escaping of user-provided prompts is performed to prevent JSON injection during API request construction.
  • [EXTERNAL_DOWNLOADS]: The scripts download generated image files from fal.ai's content delivery network (CDN) to a user-specified local directory. This is the intended behavior of the skill for persisting generated assets.
  • [CREDENTIALS_UNSAFE]: The skill requires a FAL_KEY for authentication. It correctly instructs the user to store this sensitive credential in a .env file or as an environment variable, rather than hardcoding it in the scripts or instructions.
  • [DATA_EXFILTRATION]: The skill sends user prompts and image data to fal.ai endpoints. This is a documented and necessary function for the service to perform image generation and editing tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 05:56 AM