ai-music
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation and use of the
@runcomfy/cliNode.js package from the official registry. This is standard behavior for a tool-based skill and targets the vendor's own CLI. - [COMMAND_EXECUTION]: The skill uses the
Bashtool to executeruncomfycommands. Security risks are mitigated by the use of JSON-formatted inputs to pass data to the CLI, which prevents shell injection vulnerabilities. - [INDIRECT_PROMPT_INJECTION]: The skill identifies a potential attack surface where instructions could be embedded in third-party audio files processed during inpainting or outpainting tasks.
- Ingestion points: The
audioURL parameter within the input JSON for theaudio-inpaintandaudio-outpaintroutes inSKILL.md. - Boundary markers: The skill documentation includes a "Security & Privacy" section that instructs the agent to only process audio URLs explicitly provided by the user and to monitor for unexpected output shifts.
- Capability inventory: The agent is restricted to executing the
runcomfyCLI via theBashtool, limiting the impact of any potential injection. - Sanitization: Prompt data and URLs are passed as static fields within a JSON object to the CLI, avoiding direct shell interpretation of the untrusted content.
- [CREDENTIALS_UNSAFE]: The skill documents the use of an API token stored at
~/.config/runcomfy/token.json. This is the standard configuration path for the CLI, and the skill includes instructions to avoid logging or exposing this token.
Audit Metadata