comfyui-node-outputs

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The manual image saving example in SKILL.md contains a path traversal vulnerability where user-controlled input is used to construct file paths.
  • Evidence: The CustomSaveNode.execute method uses filepath = os.path.join(output_dir, f"{prefix}_{i:05d}.png") where prefix is an unsanitized input string.
  • Risk: This allows writing files to arbitrary directories outside the intended output path, which could be exploited to overwrite sensitive system files or create unauthorized content on the host filesystem.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 06:14 AM