face-swap

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @runcomfy/cli tool from the npm registry. This is a scoped package corresponding to the service provider's official infrastructure and intended functionality.
  • [COMMAND_EXECUTION]: The execution of the runcomfy command is managed via the allowed-tools configuration in the skill's frontmatter, ensuring the agent remains within a predefined and authorized scope of operation.
  • [PROMPT_INJECTION]: The skill provides defensive guidance against indirect prompt injection from untrusted external media assets. It specifically notes that reference assets are a known target for injection and provides a mandatory evidence chain for the agent to follow:
  • Ingestion points: User-provided image, audio, and video URLs processed by the runcomfy CLI.
  • Boundary markers: The instructions explicitly label external assets as untrusted and provide usage constraints for the agent (e.g., ingest only explicitly provided URLs).
  • Capability inventory: Subprocess calls are limited to the runcomfy binary via the Bash tool.
  • Sanitization: The skill states that input is passed to the CLI as a JSON string to avoid shell-injection surfaces.
  • [SAFE]: The skill includes ethical guidelines that instruct the agent to verify consent and refuse the creation of defamatory, sexually explicit, or otherwise harmful synthetic media, regardless of model API acceptance.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 07:37 AM
Security Audit — agent-trust-hub — face-swap