comfyui-skill-openclaw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill clearly imports workflows from ComfyUI servers and instructs installing custom nodes from arbitrary public repos (see SKILL.md and docs: "comfyui-skill workflow import" and "comfyui-skill --json deps install --repos '["https://github.com/repo1"]'"), meaning the agent will read and act on untrusted third‑party (e.g., GitHub/workflow) content that can change execution and trigger installs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime dependency installer can be invoked with repos like "https://github.com/repo1" via comfyui-skill --json deps install <id> --repos '["https://github.com/repo1"]', which fetches external GitHub repositories at runtime and installs/executes their code as required custom nodes for workflows.