Skills
skills/doany-ai/skills/controlnet-pose/Gen Agent Trust Hub

controlnet-pose

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the official @runcomfy/cli tool from the NPM registry.
  • [COMMAND_EXECUTION]: Uses the runcomfy command-line tool to interact with Model API endpoints for image and video generation.
  • [CREDENTIALS_UNSAFE]: Manages service authentication via environment variables or a configuration file at ~/.config/runcomfy/token.json using standard secure practices.
  • [PROMPT_INJECTION]: Analyzed for indirect prompt injection surface: 1. Ingestion points: External image and video URLs are ingested via the --input parameter in SKILL.md. 2. Boundary markers: The documentation specifies that the CLI does not perform shell expansion on input content. 3. Capability inventory: Command execution is limited to the runcomfy CLI tool. 4. Sanitization: External inputs are passed as structured JSON payloads to mitigate injection risks.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 11:27 AM
Security Audit — agent-trust-hub — controlnet-pose