comfyui-character-gen
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts in references/talking-head-workflows.md and references/voice-synthesis.md that use subprocess.run to execute external inference scripts (e.g., inference_codeformer.py, inference.py). While these are intended for automation, they lack input sanitization, posing a risk if user-controlled strings are passed as arguments.
- [EXTERNAL_DOWNLOADS]: Multiple reference files (references/models.md, references/talking-head-workflows.md) instruct the user to download models and clone repositories from HuggingFace and GitHub. These targets (e.g., github.com/Winfredy/SadTalker, huggingface.co/black-forest-labs/FLUX.1-dev) are well-known and trusted services for AI development.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by interpolating user-provided character descriptions into system prompts and command arguments without boundary markers or sanitization.
  - Ingestion points: Character descriptions are ingested in SKILL.md and references/workflows.md templates.
  - Boundary markers: Absent. No delimiters or warnings are used to separate untrusted user input from system instructions.
  - Capability inventory: Includes file system access and execution of external Python scripts via subprocess.run in references/talking-head-workflows.md.
  - Sanitization: Absent. User input is directly formatted into commands and prompts.
Audit Metadata