relight
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @runcomfy/cli package from the npm registry. This is a standard installation of a vendor-provided tool.
- [COMMAND_EXECUTION]: The skill uses the runcomfy CLI to interact with remote image models. It passes complex inputs, such as prompts and image URLs, as a JSON string via the --input flag, which reduces the risk of shell-based command injection.
- [SAFE]: Security best practices are followed for credential management. The skill documentation advises storing API tokens in a configuration file with restricted permissions (0600) or using environment variables for CI/CD environments.
- [SAFE]: The underlying CLI includes built-in safeguards, such as a 2 GiB file size cap for downloads, to prevent potential resource exhaustion issues.
- [SAFE]: The skill defines a clear boundary for indirect prompt injection risks by processing third-party image URLs as untrusted data and utilizing structured JSON for prompt delivery.
Audit Metadata