image-to-video
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the runcomfy CLI tool to perform video generation tasks. Evidence: Multiple runcomfy run commands are defined in SKILL.md.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of a third-party CLI tool from a public registry. Evidence: npm i -g @runcomfy/cli is listed as a prerequisite in SKILL.md.
- [PROMPT_INJECTION]: The skill handles untrusted external media URLs and user prompts, creating an attack surface for indirect prompt injection. 1. Ingestion points: Parameters like image_url, prompt, video_url, and audio_url in SKILL.md; 2. Boundary markers: Input is passed as JSON to the CLI to avoid shell-level injection (specified in SKILL.md); 3. Capability inventory: Executes external commands via the runcomfy CLI (specified in SKILL.md); 4. Sanitization: The documentation in SKILL.md acknowledges the risk of image-based prompt injection at the model level.
- [SAFE]: The skill implements established security practices for credential management and limits network activity to official vendor domains. Evidence: Uses RUNCOMFY_TOKEN or a restricted local config file (~/.config/runcomfy/token.json) for authentication, and communicates only with *.runcomfy.net and *.runcomfy.com.
Audit Metadata