face-swap
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the "runcomfy" CLI tool. These commands are used to interact with remote AI model endpoints for image and video processing tasks such as face swapping and motion transfer.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the "@runcomfy/cli" package via the npm registry. This is an official vendor resource associated with the functionality provided by the skill and the RunComfy platform.
- [INDIRECT_PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection through its ingestion of external media assets.
  - Ingestion points: The skill accepts various remote media URLs (images, audio tracks, and videos) as input parameters for the CLI commands in SKILL.md.
  - Boundary markers: The JSON input format for the CLI provides structural boundaries; however, the data itself carries no specific delimiters, and there are no warnings to ignore instructions inside the media metadata.
  - Capability inventory: The skill uses the "runcomfy" command to process these external inputs, which triggers remote model execution.
  - Sanitization: The skill instructions describe no explicit sanitization or validation of the content within the remote asset URLs.
Audit Metadata