skills/quinteroac/comfy-agent-tools/comfy-model-downloader/Snyk

comfy-model-downloader

Warn

Audited by Snyk on May 8, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly fetches model files from public third-party sources (Hugging Face and direct HTTP/Civitai links under "Auth And Sources") and those untrusted artifacts are downloaded, validated, and then used by generation workflows, so they can indirectly influence agent behavior.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 8, 2026, 12:13 AM

Issues

1

Security Audit — snyk — comfy-model-downloader