gpt-image-2
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the RunComfy service by executing the
runcomfyCLI. It securely passes user instructions and configuration as JSON strings, which prevents traditional shell injection attacks. - [EXTERNAL_DOWNLOADS]: The skill requires the
@runcomfy/clitool and downloads generated images from the vendor's verified domains (runcomfy.netandruncomfy.com). It includes safety measures such as a 2 GiB file size limit to protect local disk space from malicious or runaway outputs. - [CREDENTIALS_UNSAFE]: The skill manages authentication using a dedicated configuration file at
~/.config/runcomfy/token.jsonor through an environment variable. This is a standard and secure method for CLI tools to manage access without exposing system-wide credentials. - [PROMPT_INJECTION]: The skill processes user-supplied prompts and external image URLs, which is a known surface for indirect prompt injection.
- Ingestion points: User-provided strings in the
promptfield and external HTTPS image URLs in theimagesarray (SKILL.md). - Boundary markers: User inputs are encapsulated within structured JSON objects before being passed to the CLI.
- Capability inventory: The skill executes the
runcomfyCLI and downloads files to the user's local filesystem (SKILL.md). - Sanitization: The skill documents that the CLI transmits data directly to the Model API over HTTPS without shell expansion, and it explicitly warns users about the inherent risks of image-based prompt injection.
Audit Metadata