fal-redesign
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill reads the content of local HTML files and captures screenshots of target websites (local or remote) to transmit them to fal.ai for processing by vision models. This transmission is a documented and essential part of the design transformation workflow.
- [COMMAND_EXECUTION]: The skill uses the Puppeteer library to launch a headless browser for screenshotting target sites and uses FFmpeg via the Node.js spawn method to generate side-by-side video comparisons of the original and redesigned sites.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates untrusted data (content from target HTML files and user-provided context) into long-form instructions sent to AI models.
- Ingestion points: The skill ingests data from the --target file path/URL and the --context CLI argument.
- Boundary markers: The implementation uses BEGIN_HTML and END_HTML tags to separate user code from instructions in the LLM prompts.
- Capability inventory: The skill can perform file system reads and writes and network uploads to the fal.ai API.
- Sanitization: The skill performs basic HTML boilerplate cleanup but lacks specific sanitization to prevent adversarial instructions embedded in target files from influencing the AI models.
- [EXTERNAL_DOWNLOADS]: The skill fetches generated images from fal.ai storage and requires the installation of the Puppeteer browser runtime and other Node.js dependencies (@fal-ai/client, sharp) to operate.
Audit Metadata