comfyui-exploit

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is explicitly malicious: it documents weaponized exploit chains (CVE-2025-67303 and CVE-2026-22777) to downgrade security, remotely install malicious custom nodes via a hosted Git repo, and execute arbitrary commands (including reverse shells or key planting), constituting RCE, supply-chain compromise, and clear backdoor behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and modify remote, untrusted ComfyUI endpoints (e.g., GET/POST http://target:8188/userdata/ComfyUI-Manager%2Fconfig.ini and calls to /api/manager/db_mode and /customnode/install/git_url using attacker-controlled HTTP/Git URLs) and to read those responses to drive follow-up exploit actions, so it directly consumes untrusted third-party content that can change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs installing a remote malicious Git repository such as "http://YOUR_IP:9999/evil-node-XXXXXX" (e.g., http://your-ip:9999/evil-node-) at runtime via /customnode/install/git_url, and the fetched repository's install.py is executed on the target, directly causing remote code execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs modifying service configuration (config.ini), rebooting the manager, and installing malicious custom nodes to achieve remote code execution, i.e. steps that change system state and enable RCE on the host.