relight
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the @runcomfy/cli package via npm and the use of npx. These are standard methods for accessing the vendor-provided tool required for the skill's functionality.
- [COMMAND_EXECUTION]: Execution is limited to the runcomfy CLI using the Bash tool. The skill explicitly addresses shell injection risks by utilizing JSON for input parameters, ensuring that untrusted prompt content is not interpreted as shell commands.
- [PROMPT_INJECTION]: The skill is designed to handle external image URLs and user-defined prompts. This constitutes an indirect prompt injection surface. The documentation proactively provides guidance on mitigating these risks, such as limiting processing to user-provided assets and monitoring for unexpected behavior.
Audit Metadata