comfyui-gateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime path for job execution takes outsider-authored free text from the client’s /jobs request body (e.g., inputs.prompt / negative_prompt), which is then rendered into the ComfyUI workflow template and sent to ComfyUI; this prompt text is not authored by the operating user and becomes LLM-readable context via the gateway’s own logging/DB/processing pipeline.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The content includes examples that fetch and execute remote code at runtime — e.g., the Supabase Edge Function imports runtime code from https://deno.land/std@0.177.0/http/server.ts and the Docker Compose pulls/executes the container image ghcr.io/ai-dock/comfyui:latest — both are external artifacts fetched at deploy/run time and would execute remote code the system relies on.