Skills
skills/fal-ai-community/skills/cinematography/Gen Agent Trust Hub

cinematography

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interpolates unvalidated user-provided data into shell commands.
  • Ingestion points: User inputs for 'Subject and action', 'Framing', 'Lens feel', and other cinematography parameters defined in the 'Inputs to collect' section of SKILL.md.
  • Boundary markers: Absent. The skill does not instruct the agent to use delimiters or sanitization when placing user content into the command template.
  • Capability inventory: The skill utilizes genmedia run, genmedia upload, and genmedia status subprocess calls in SKILL.md to interact with external media generation APIs.
  • Sanitization: Absent. The user input is placed directly inside double-quoted strings in shell commands (e.g., genmedia run --prompt "<cinematography prompt>"), which can be bypassed if the user input contains escape characters or shell metacharacters.
  • [COMMAND_EXECUTION]: The skill's primary workflow involves executing shell commands via the genmedia CLI to search for models, upload files, and run generation tasks. While this is the intended functionality, the lack of input sanitization mentioned above makes these execution points a security risk.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 09:29 PM