face-swap
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@runcomfy/clitool from the npm registry. This is a scoped package corresponding to the service provider's official infrastructure and intended functionality. - [COMMAND_EXECUTION]: The execution of the
runcomfycommand is managed via theallowed-toolsconfiguration in the skill's frontmatter, ensuring the agent remains within a predefined and authorized scope of operation. - [PROMPT_INJECTION]: The skill provides defensive guidance against indirect prompt injection from untrusted external media assets. It specifically notes that reference assets are a known target for injection and provides a mandatory evidence chain for the agent to follow:
- Ingestion points: User-provided image, audio, and video URLs processed by the
runcomfyCLI. - Boundary markers: The instructions explicitly label external assets as untrusted and provide usage constraints for the agent (e.g., ingest only explicitly provided URLs).
- Capability inventory: Subprocess calls are limited to the
runcomfybinary via the Bash tool. - Sanitization: The skill states that input is passed to the CLI as a JSON string to avoid shell-injection surfaces.
- [SAFE]: The skill includes ethical guidelines that instruct the agent to verify consent and refuse the creation of defamatory, sexually explicit, or otherwise harmful synthetic media, regardless of model API acceptance.
Audit Metadata