Back to skill

Security audit

Fal Text-to-Image

Security checks across malware telemetry and agentic risk

Overview

This is a coherent fal.ai image-generation skill with expected API-key, remote-processing, and image-output behavior, but users should treat prompts, input images, and saved metadata as privacy-sensitive.

Install only if you are comfortable using fal.ai for remote image processing. Do not submit confidential prompts, sensitive personal images, private URLs, or regulated data unless approved, keep the FAL_KEY out of source control, monitor API costs, and strip image metadata before sharing generated outputs externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Low
Confidence
89% confidence
Finding
The cheatsheet instructs users to place a live API key in a plaintext `.env` file without any warning about local secret exposure risks. While common in developer tooling, this can lead to accidental leakage through source control, backups, shell history, shared workspaces, or screenshots, especially for less experienced users.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly advertises that prompts and generation parameters are embedded into output image metadata, but it does not warn users about the privacy and information disclosure risk of sharing those images. Prompts can contain sensitive business ideas, personal data, internal project names, or safety-relevant editing instructions, and EXIF metadata can persist when images are redistributed.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill encourages users to upload prompts and source images to fal.ai but does not warn that those inputs leave the local environment and are sent to a third-party service. In this context, users may provide sensitive photos, internal brand assets, or confidential prompt content, so the omission creates a real privacy and data-handling risk through uninformed disclosure rather than direct code execution.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document states that generated images are saved with metadata containing the prompt, model, and parameters, but it does not warn users that this embedded metadata can persist when files are shared. That can leak sensitive prompts, internal project details, or workflow information to downstream recipients who inspect the image metadata.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The reference-image examples show local files being supplied as inputs without warning that those images may be uploaded to external services for processing. Users may reasonably assume local files stay local, so this can cause unintended disclosure of sensitive images, proprietary assets, or personal data.

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
79% confidence
Finding
python-dotenv

Known Vulnerable Dependency: pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
92% confidence
Finding
pillow

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
88% confidence
Finding
requests

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.