image-edit

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The documentation explicitly references the storage location of authentication tokens at ~/.config/runcomfy/token.json. While this is standard configuration for the integrated CLI tool and is described alongside security recommendations (mode 0600), it identifies a sensitive path on the user's filesystem.
  • [PROMPT_INJECTION]: The skill handles untrusted external data in the form of image and mask URLs, which creates a surface for indirect prompt injection targeting the underlying image models.
  • Ingestion points: The skill accepts image_urls, images, image, and mask_image parameters across multiple routes, which are fetched by the remote model server.
  • Boundary markers: The skill documentation notes that user prompts are encapsulated within JSON strings before being passed to the CLI to prevent shell-based injection attacks.
  • Capability inventory: The skill utilizes a local CLI to communicate with a remote API and downloads generated image files to the local file system.
  • Sanitization: The CLI implementation includes a 2 GiB file size limit for downloads to prevent potential disk-exhaustion attacks from malicious or runaway model outputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 07:38 AM
Security Audit — agent-trust-hub — image-edit