image-edit
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The documentation explicitly references the storage location of authentication tokens at
~/.config/runcomfy/token.json. While this is standard configuration for the integrated CLI tool and is described alongside security recommendations (mode 0600), it identifies a sensitive path on the user's filesystem. - [PROMPT_INJECTION]: The skill handles untrusted external data in the form of image and mask URLs, which creates a surface for indirect prompt injection targeting the underlying image models.
- Ingestion points: The skill accepts
image_urls,images,image, andmask_imageparameters across multiple routes, which are fetched by the remote model server. - Boundary markers: The skill documentation notes that user prompts are encapsulated within JSON strings before being passed to the CLI to prevent shell-based injection attacks.
- Capability inventory: The skill utilizes a local CLI to communicate with a remote API and downloads generated image files to the local file system.
- Sanitization: The CLI implementation includes a 2 GiB file size limit for downloads to prevent potential disk-exhaustion attacks from malicious or runaway model outputs.
Audit Metadata