gpt-image-2

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill interacts with the RunComfy service by executing the runcomfy CLI. It securely passes user instructions and configuration as JSON strings, which prevents traditional shell injection attacks.
  • [EXTERNAL_DOWNLOADS]: The skill requires the @runcomfy/cli tool and downloads generated images from the vendor's verified domains (runcomfy.net and runcomfy.com). It includes safety measures such as a 2 GiB file size limit to protect local disk space from malicious or runaway outputs.
  • [CREDENTIALS_UNSAFE]: The skill manages authentication using a dedicated configuration file at ~/.config/runcomfy/token.json or through an environment variable. This is a standard and secure method for CLI tools to manage access without exposing system-wide credentials.
  • [PROMPT_INJECTION]: The skill processes user-supplied prompts and external image URLs, which is a known surface for indirect prompt injection.
  • Ingestion points: User-provided strings in the prompt field and external HTTPS image URLs in the images array (SKILL.md).
  • Boundary markers: User inputs are encapsulated within structured JSON objects before being passed to the CLI.
  • Capability inventory: The skill executes the runcomfy CLI and downloads files to the user's local filesystem (SKILL.md).
  • Sanitization: The skill documents that the CLI transmits data directly to the Model API over HTTPS without shell expansion, and it explicitly warns users about the inherent risks of image-based prompt injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 07:38 AM
Security Audit — agent-trust-hub — gpt-image-2