fal-api-reference

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the official fal.ai SDKs via standard package managers (npm install @fal-ai/client, pip install fal-client). These are established packages for interacting with the fal.ai service.
  • [COMMAND_EXECUTION]: Documentation includes shell commands for local environment setup and deployment of serverless applications using the 'fal' CLI (e.g., fal deploy, fal logs). These are standard developer operations for the platform.
  • [DATA_EXFILTRATION]: The skill documents methods for uploading local files to the fal.media CDN (e.g., fal_client.upload_file, fal.storage.upload). While this is a core feature for processing user-provided images and videos, it represents a potential exfiltration surface if the agent is instructed to upload sensitive system files to the remote service.
  • [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to process and display outputs from external AI models (fal.ai), which constitutes an ingestion point for untrusted data.
  • Ingestion points: Model logs, queue status updates, and model-generated payloads (URLs/metadata) enter the agent's context during operation.
  • Boundary markers: The documented examples do not explicitly define delimiters for separating untrusted model outputs from system instructions.
  • Capability inventory: The agent is granted capabilities to perform network requests, file reads (for uploads), and CLI operations (for deployments).
  • Sanitization: The reference focuses on functional implementation and does not include explicit validation or sanitization patterns for model-provided data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:39 AM
Security Audit — agent-trust-hub — fal-api-reference