video-extend
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @runcomfy/cli package from the public npm registry, which is an expected action for using the vendor's toolset.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run runcomfy commands for video extension. Input is structured as a JSON string to prevent shell command injection.
- [DATA_EXFILTRATION]: The skill connects to RunComfy's official domains (*.runcomfy.net and *.runcomfy.com) to process video requests. It correctly instructs on the secure handling of API tokens and environment variables.
- [PROMPT_INJECTION]: The skill identifies a potential indirect prompt injection surface where untrusted data from a user-provided video URL could influence model behavior. It provides guidance to mitigate this by ensuring user intent matches the data source.
Audit Metadata