skills/doany-ai/skills/flux-2-klein/Gen Agent Trust Hub

flux-2-klein

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Directs the user to install the @runcomfy/cli package from the npm registry as a prerequisite for using the skill.
  • [COMMAND_EXECUTION]: Executes the runcomfy command-line utility to interact with the RunComfy Model API, involving subprocess calls and network operations to authorized RunComfy domains.
  • [PROMPT_INJECTION]: The skill processes untrusted user data which could contain malicious instructions for the underlying AI model.
  • Ingestion points: User-provided text prompts and external reference image URLs passed via CLI arguments in SKILL.md.
  • Boundary markers: The CLI uses JSON-formatted input structures to transmit data, providing structural separation between the command and the payload.
  • Capability inventory: Subprocess execution of the runcomfy binary and file system writes to a user-specified output directory.
  • Sanitization: Relies on the RunComfy CLI's internal handling and HTTPS transmission; the skill explicitly documents the risks of image-based prompt injection in its security section.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 11:27 AM
Security Audit — agent-trust-hub — flux-2-klein