ace-step

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the runcomfy CLI tool through the Bash tool. The configuration includes allowed-tools: Bash(runcomfy *), which restricts the shell execution environment to only the intended command, adhering to security best practices for least privilege.
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install the @runcomfy/cli tool from the NPM registry. This is a standard method for distributing official software packages and utilizes a well-known service.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it ingests untrusted data from external audio URLs which are then processed by the agent.
  • Ingestion points: The audio parameter in the audio-inpaint and audio-outpaint routes accepts HTTPS URLs to external media.
  • Boundary markers: Parameters are encapsulated in a structured JSON object passed to the CLI, providing some delimiter protection.
  • Capability inventory: Across the defined tasks, the skill has access to subprocess execution (via Bash), file-system writes for audio outputs, and network operations conducted by the CLI.
  • Sanitization: The skill assumes the underlying CLI correctly handles the JSON-formatted input string to prevent command injection at the shell boundary.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 07:37 AM
Security Audit — agent-trust-hub — ace-step