flux-kontext

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the runcomfy CLI tool to interact with the RunComfy Model API, passing user inputs via a JSON string argument.
  • [EXTERNAL_DOWNLOADS]: The skill depends on the @runcomfy/cli package from the npm registry and utilizes the agentspace-so/runcomfy-skills repository for skill configuration.
  • [PROMPT_INJECTION]: The skill handles external image URLs and user prompts, constituting an indirect prompt injection surface; the skill includes documentation that specifically warns about these risks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 07:38 AM
Security Audit — agent-trust-hub — flux-kontext