ai-music

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary function is to execute the runcomfy CLI through the Bash tool. Access is properly restricted via the allowed-tools frontmatter to only the runcomfy command.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it allows the agent to process external, untrusted audio files via URLs for editing tasks (inpainting and outpainting). The author explicitly notes this risk in the security section.
    • Ingestion points: Ingestion of untrusted audio URLs occurs in the CLI examples for Route 3 and Route 4 in SKILL.md.
    • Boundary markers: No explicit string delimiters are used for the JSON inputs, though the author provides instructions for the agent to watch for output divergence.
    • Capability inventory: The skill is capable of command execution via the runcomfy CLI.
    • Sanitization: No input sanitization is performed on the URL strings before they are passed to the CLI, though the instructions advise the agent to only ingest explicitly provided user data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 15, 2026, 10:48 AM