image-to-video

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the runcomfy CLI tool to run various video generation models.
  • Evidence: The skill documentation provides command-line examples such as runcomfy run happyhorse/happyhorse-1-0/image-to-video and runcomfy run wan-ai/wan-2-7/text-to-video.
  • Sanitization: The skill includes a dedicated 'Security & Privacy' section stating that user prompts are passed as JSON strings to avoid shell expansion issues, though the agent must ensure correct quoting when constructing the command line.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @runcomfy/cli package and uses the npx skills add command to fetch the skill from the agentspace-so GitHub organization.
  • Evidence: Instructions include npm i -g @runcomfy/cli and npx skills add agentspace-so/runcomfy-skills.
  • [CREDENTIALS_UNSAFE]: The skill documents the management of the RUNCOMFY_TOKEN and its storage in ~/.config/runcomfy/token.json.
  • Security Practice: It specifies that the token file is written with 0600 permissions (owner-only access) and supports environment variables for CI/CD environments, which is a standard security practice.
  • [DATA_EXFILTRATION]: The skill defines a whitelist for outbound endpoints used for request submission and downloading generated outputs.
  • Evidence: The whitelist includes model-api.runcomfy.net and *.runcomfy.com.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through user-provided media URLs and text prompts.
  • Ingestion points: image_url, video_url, audio_url, and prompt fields in the SKILL.md file.
  • Boundary markers: None explicitly mentioned for the model input, though standard for generative models.
  • Capability inventory: Shell command execution via runcomfy and local file writing to the specified --output-dir in SKILL.md.
  • Sanitization: No explicit sanitization or filtering of media content is performed by the skill itself; it notes that image-based prompt injection is a known risk for these types of models.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 07:38 AM
Security Audit — agent-trust-hub — image-to-video