ace-step
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
runcomfyCLI tool through the Bash tool. The configuration includesallowed-tools: Bash(runcomfy *), which restricts the shell execution environment to only the intended command, adhering to security best practices for least privilege. - [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install the
@runcomfy/clitool from the NPM registry. This is a standard method for distributing official software packages and utilizes a well-known service. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it ingests untrusted data from external audio URLs which are then processed by the agent.
- Ingestion points: The
audioparameter in theaudio-inpaintandaudio-outpaintroutes accepts HTTPS URLs to external media. - Boundary markers: Parameters are encapsulated in a structured JSON object passed to the CLI, providing some delimiter protection.
- Capability inventory: Across the defined tasks, the skill has access to subprocess execution (via Bash), file-system writes for audio outputs, and network operations conducted by the CLI.
- Sanitization: The skill assumes the underlying CLI correctly handles the JSON-formatted input string to prevent command injection at the shell boundary.
Audit Metadata