ai-image-generation
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool restricted to theruncomfycommand to interact with the RunComfy API. It provides structured examples that pass inputs via JSON strings to the--inputflag, which effectively prevents shell injection even when processing user-supplied prompts. - [EXTERNAL_DOWNLOADS]: The skill instructs the operator to install the
@runcomfy/clipackage from the official NPM registry. It also downloads generated image files from the platform's official domains (*.runcomfy.netand*.runcomfy.com) into a user-specified output directory. - [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection because it can process external data from untrusted sources (reference images and web search results).
- Ingestion points: External content enters the agent's context through image URLs (e.g.,
image_urls,images) and theenable_web_searchfeature, which can influence the image generation model. - Boundary markers: Data is encapsulated within a JSON object passed to the CLI's
--inputparameter. - Capability inventory: The skill can execute the
runcomfycommand, make network requests to the RunComfy API, and write files to the local file system. - Sanitization: The skill documentation includes a dedicated 'Security & Privacy' section that warns about these risks and recommends mitigations such as only using user-provided URLs and keeping web search disabled by default.
Audit Metadata