seedance-v2
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill is purely informational and provides documentation for using a legitimate external CLI tool.
- [COMMAND_EXECUTION]: The skill documents the use of the
@runcomfy/clitool to interact with the RunComfy API. The execution patterns use structured JSON input for the--inputflag, which mitigates standard shell injection risks. - [EXTERNAL_DOWNLOADS]: The skill describes downloading generated media from official
*.runcomfy.netand*.runcomfy.comdomains. These are trusted service endpoints for the described functionality. - [CREDENTIALS_UNSAFE]: The documentation references standard practices for managing API tokens using environment variables (
RUNCOMFY_TOKEN) or configuration files (~/.config/runcomfy/token.json). No hardcoded credentials or unsafe exfiltration patterns were found.
Audit Metadata