comfy-musicgen
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary function is the execution of the `uv run comfy-musicgen` CLI tool to generate music locally on the user's system.
- [EXTERNAL_DOWNLOADS]: The instructions refer to `comfy-model-downloader`, a utility used to download necessary model checkpoints if they are not already present in the `/mnt/models/comfyui` directory.
- [PROMPT_INJECTION]: The skill processes user-supplied data through the `--prompt` and `--lyrics` arguments. This creates a potential surface for indirect prompt injection or command injection if the inputs are not properly sanitized before being passed to the shell.
Audit Metadata