runcomfy-cli
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends the installation of the
@runcomfy/clipackage through the official NPM registry. - [COMMAND_EXECUTION]: Utilizes the
runcomfycommand-line tool via theBashtool to submit model requests and manage authentication. - [CREDENTIALS_UNSAFE]: Appropriately handles authentication tokens by storing them in a local configuration file (
~/.config/runcomfy/token.json) with restricted permissions (0600) and supporting environment variables for CI/CD environments. - [INDIRECT_PROMPT_INJECTION]: Proactively identifies the risk of indirect prompt injection from untrusted external assets (images, video, web search results) and provides the agent with specific guidance to mitigate these risks.
Audit Metadata