flux-kontext
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the
runcomfyCLI tool to interact with the RunComfy Model API, passing user inputs via a JSON string argument. - [EXTERNAL_DOWNLOADS]: The skill depends on the
@runcomfy/clipackage from the npm registry and utilizes theagentspace-so/runcomfy-skillsrepository for skill configuration. - [PROMPT_INJECTION]: The skill handles external image URLs and user prompts, constituting an indirect prompt injection surface; the skill includes documentation that specifically warns about these risks.
Audit Metadata