image-to-video
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the
runcomfyCLI tool to run various video generation models. - Evidence: The skill documentation provides command-line examples such as
runcomfy run happyhorse/happyhorse-1-0/image-to-videoandruncomfy run wan-ai/wan-2-7/text-to-video. - Sanitization: The skill includes a dedicated 'Security & Privacy' section stating that user prompts are passed as JSON strings to avoid shell expansion issues, though the agent must ensure correct quoting when constructing the command line.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@runcomfy/clipackage and uses thenpx skills addcommand to fetch the skill from theagentspace-soGitHub organization. - Evidence: Instructions include
npm i -g @runcomfy/cliandnpx skills add agentspace-so/runcomfy-skills. - [CREDENTIALS_UNSAFE]: The skill documents the management of the
RUNCOMFY_TOKENand its storage in~/.config/runcomfy/token.json. - Security Practice: It specifies that the token file is written with 0600 permissions (owner-only access) and supports environment variables for CI/CD environments, which is a standard security practice.
- [DATA_EXFILTRATION]: The skill defines a whitelist for outbound endpoints used for request submission and downloading generated outputs.
- Evidence: The whitelist includes
model-api.runcomfy.netand*.runcomfy.com. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through user-provided media URLs and text prompts.
- Ingestion points:
image_url,video_url,audio_url, andpromptfields in theSKILL.mdfile. - Boundary markers: None explicitly mentioned for the model input, though standard for generative models.
- Capability inventory: Shell command execution via
runcomfyand local file writing to the specified--output-dirinSKILL.md. - Sanitization: No explicit sanitization or filtering of media content is performed by the skill itself; it notes that image-based prompt injection is a known risk for these types of models.
Audit Metadata