video-extend
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@runcomfy/clipackage. This is a verified vendor resource from the RunComfy ecosystem, used to interact with the platform's video generation services via API. - [COMMAND_EXECUTION]: Shell usage is restricted to the
runcomfyCLI through theallowed-toolsconfiguration, limiting the agent's execution scope to a specific, legitimate tool. - [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection when processing third-party video content and provides clear mitigation guidance for agents.
- Ingestion points: The
video_urlparameter in theruncomfy runcommand which fetches external media. - Boundary markers: Input is structured as a JSON string, which helps separate data from command logic, though specific internal prompt delimiters are not used.
- Capability inventory: The
runcomfyCLI performs authenticated API calls to vendor endpoints and writes output files to the local filesystem. - Sanitization: The skill documentation notes that the CLI does not perform shell expansion on the prompt or URL content.
Audit Metadata