fal-api-reference
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the official fal.ai SDKs via standard package managers (npm install @fal-ai/client, pip install fal-client). These are established packages for interacting with the fal.ai service.
- [COMMAND_EXECUTION]: Documentation includes shell commands for local environment setup and deployment of serverless applications using the 'fal' CLI (e.g., fal deploy, fal logs). These are standard developer operations for the platform.
- [DATA_EXFILTRATION]: The skill documents methods for uploading local files to the fal.media CDN (e.g., fal_client.upload_file, fal.storage.upload). While this is a core feature for processing user-provided images and videos, it represents a potential exfiltration surface if the agent is instructed to upload sensitive system files to the remote service.
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to process and display outputs from external AI models (fal.ai), which constitutes an ingestion point for untrusted data.
- Ingestion points: Model logs, queue status updates, and model-generated payloads (URLs/metadata) enter the agent's context during operation.
- Boundary markers: The documented examples do not explicitly define delimiters for separating untrusted model outputs from system instructions.
- Capability inventory: The agent is granted capabilities to perform network requests, file reads (for uploads), and CLI operations (for deployments).
- Sanitization: The reference focuses on functional implementation and does not include explicit validation or sanitization patterns for model-provided data.
Audit Metadata