ai-music

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation and use of the @runcomfy/cli Node.js package from the official registry. This is standard behavior for a tool-based skill and targets the vendor's own CLI.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute runcomfy commands. Security risks are mitigated by the use of JSON-formatted inputs to pass data to the CLI, which prevents shell injection vulnerabilities.
  • [INDIRECT_PROMPT_INJECTION]: The skill identifies a potential attack surface where instructions could be embedded in third-party audio files processed during inpainting or outpainting tasks.
  • Ingestion points: The audio URL parameter within the input JSON for the audio-inpaint and audio-outpaint routes in SKILL.md.
  • Boundary markers: The skill documentation includes a "Security & Privacy" section that instructs the agent to only process audio URLs explicitly provided by the user and to monitor for unexpected output shifts.
  • Capability inventory: The agent is restricted to executing the runcomfy CLI via the Bash tool, limiting the impact of any potential injection.
  • Sanitization: Prompt data and URLs are passed as static fields within a JSON object to the CLI, avoiding direct shell interpretation of the untrusted content.
  • [CREDENTIALS_UNSAFE]: The skill documents the use of an API token stored at ~/.config/runcomfy/token.json. This is the standard configuration path for the CLI, and the skill includes instructions to avoid logging or exposing this token.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 07:37 AM
Security Audit — agent-trust-hub — ai-music