runcomfy-cli

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of the @runcomfy/cli package through the official NPM registry.
  • [COMMAND_EXECUTION]: Utilizes the runcomfy command-line tool via the Bash tool to submit model requests and manage authentication.
  • [CREDENTIALS_UNSAFE]: Appropriately handles authentication tokens by storing them in a local configuration file (~/.config/runcomfy/token.json) with restricted permissions (0600) and supporting environment variables for CI/CD environments.
  • [INDIRECT_PROMPT_INJECTION]: Proactively identifies the risk of indirect prompt injection from untrusted external assets (images, video, web search results) and provides the agent with specific guidance to mitigate these risks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 07:37 AM
Security Audit — agent-trust-hub — runcomfy-cli