Skills
skills/runcomfy-com/skills/ai-avatar-video/Gen Agent Trust Hub

ai-avatar-video

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided asset URLs and text prompts which represent a potential surface for indirect instructions.
  • Ingestion points: Input parameters (image_url, audio_url, prompt) used in the runcomfy run command in SKILL.md.
  • Boundary markers: Data is passed as a structured JSON string to the --input argument.
  • Capability inventory: The runcomfy CLI (managed via Bash(runcomfy *)) performs network requests to vendor APIs and handles file downloads.
  • Sanitization: Documentation specifies that the CLI does not perform shell expansion on input content.
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of the @runcomfy/cli package. This is the official tool associated with the skill author and is necessary for the skill's functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 12:44 PM