ai-image-generation

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool restricted to the runcomfy command to interact with the RunComfy API. It provides structured examples that pass inputs via JSON strings to the --input flag, which effectively prevents shell injection even when processing user-supplied prompts.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the operator to install the @runcomfy/cli package from the official NPM registry. It also downloads generated image files from the platform's official domains (*.runcomfy.net and *.runcomfy.com) into a user-specified output directory.
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection because it can process external data from untrusted sources (reference images and web search results).
  • Ingestion points: External content enters the agent's context through image URLs (e.g., image_urls, images) and the enable_web_search feature, which can influence the image generation model.
  • Boundary markers: Data is encapsulated within a JSON object passed to the CLI's --input parameter.
  • Capability inventory: The skill can execute the runcomfy command, make network requests to the RunComfy API, and write files to the local file system.
  • Sanitization: The skill documentation includes a dedicated 'Security & Privacy' section that warns about these risks and recommends mitigations such as only using user-provided URLs and keeping web search disabled by default.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 07:38 AM