fal-qwen-image-edit
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to official fal.ai endpoints (fal.run and queue.fal.run) to process image generation requests and downloads the resulting images. These are well-known service domains for AI model hosting.
- [COMMAND_EXECUTION]: A bundled Node.js script manages the image generation workflow, including reading local reference images and writing output artifacts to the project's artifacts and logs directories.
- [CREDENTIALS_UNSAFE]: The skill follows secure practices by reading the fal.ai API key from a local workers.jsonc file. It includes a helper function to prompt the user for the key if it is missing, avoiding the use of hardcoded secrets.
- [PROMPT_INJECTION]: The skill processes user-provided text prompts and image references which are transmitted to the external fal.ai API.
  - Ingestion points: Prompts and reference image paths are ingested via command-line arguments in scripts/generate.mjs.
  - Boundary markers: Input data is encapsulated in a structured JSON payload sent via a POST request to the fal.ai API, providing basic separation from the underlying logic.
  - Capability inventory: The skill has permissions to read local files, write to the artifacts/ and logs/ directories, and perform network operations.
  - Sanitization: Standard for generative tools; inputs are used directly as parameters for the image generation model.
Audit Metadata