Skills
skills/quinteroac/comfy-agent-tools/comfy-tools-setup/Gen Agent Trust Hub

comfy-tools-setup

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the comfy-agent-tools package from the author's official GitHub repository using uv tool install and adds skills via npx.
  • [COMMAND_EXECUTION]: Uses various shell commands to detect the environment, check for dependencies, and execute setup tasks like comfy-models init and uv sync.
  • [PROMPT_INJECTION]: Identifies an indirect prompt injection surface where user-supplied directory paths are interpolated into shell commands.
  • Ingestion points: User input for the models_dir variable in SKILL.md.
  • Boundary markers: None.
  • Capability inventory: Shell execution via comfy-models CLI.
  • Sanitization: None specified in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 12:13 AM
Security Audit — agent-trust-hub — comfy-tools-setup