flux-kontext
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches skill definitions and instructions from the agentspace-so/runcomfy-skills repository on GitHub and suggests installing the @runcomfy/cli package from the official npm registry.
- [COMMAND_EXECUTION]: Executes the runcomfy CLI tool to interact with the RunComfy Model API. The skill explicitly notes that user-provided prompts are passed as JSON strings to avoid shell injection vulnerabilities.
- [DATA_EXPOSURE]: Documents the location of the API token at ~/.config/runcomfy/token.json. It notes that the CLI manages this file with restricted permissions (0600) to ensure security.
- [PROMPT_INJECTION]: While the skill ingests user prompts and image URLs, it implements strong boundary markers by passing data through a structured JSON body to the CLI, mitigating direct and indirect injection risks.
Audit Metadata