comfyui-workflow-designer
Warn
Audited by Snyk on May 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly requires the agent to "proactively search CivitAI/HuggingFace and the official ComfyUI examples" and even provides web-search queries and a CivitAI API URL in references/model-architectures.md, so the agent will fetch and interpret untrusted public content (CivitAI/HuggingFace/public ComfyUI examples) that can materially change model/node selection and the generated workflow JSON.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent to perform web searches and call external model pages/APIs at runtime (e.g. https://civitai.com/api/v1/models?sort=Highest%20Rated&period=Month&types=Checkpoint, https://huggingface.co/models?sort=trending&search=[architecture], and https://comfyanonymous.github.io/ComfyUI_examples/sd3/), which will be fetched during runtime to determine model/node names and thus directly influence the generated workflow JSON and agent instructions.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).