happyhorse-1-0

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the runcomfy CLI to submit video generation requests and manage job polling.
  • [EXTERNAL_DOWNLOADS]: The skill requires installation of the @runcomfy/cli package from npm and downloads generated video assets from verified vendor domains (runcomfy.com and runcomfy.net).
  • [PROMPT_INJECTION]: The skill manages an indirect prompt injection surface where user-supplied text is used for video generation.
      • Ingestion points: The user prompt field defined in the input schema in SKILL.md.
      • Boundary markers: The 'Security & Privacy' section states that the CLI transmits input as a JSON string and does not perform shell expansion.
      • Capability inventory: The skill can execute CLI commands and write files to the local file system via the --output-dir parameter.
      • Sanitization: Input is treated as a JSON string to mitigate shell-level injection risks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 02:03 PM