image-edit
Fail
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The instructions for installing prerequisites include the command `curl -fsSL https://runcomfy.com/install.sh | sh`. Piping a remote script directly to a shell is a dangerous pattern that executes unverified code with user-level privileges.
- [COMMAND_EXECUTION]: The skill requires the execution of multiple shell commands, including a global package installation (`npm i -g @runcomfy/cli`) and the use of the `runcomfy run` command with complex, user-influenced JSON payloads.
- [EXTERNAL_DOWNLOADS]: The skill fetches and executes a setup script from an external URL (`https://runcomfy.com/install.sh`) during the installation phase.
- [PROMPT_INJECTION]: The skill's architecture presents a surface for indirect prompt injection attacks.
  - Ingestion points: The `image_urls` and `images` fields across all routing options accept arbitrary, untrusted HTTPS URLs (SKILL.md).
  - Boundary markers: There are no delimiters or explicit instructions used to separate the external data from the agent's logic.
  - Capability inventory: The skill has the capability to execute shell commands via the RunComfy CLI (SKILL.md).
  - Sanitization: There is no evidence of validation, sanitization, or filtering of the input URLs or the prompts that interpolate this data.
Recommendations
- HIGH: Downloads and executes remote code from: https://runcomfy.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata