ai-image-generation

Fail

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Fetches and executes an installation script from the vendor's official domain via a piped shell command (https://runcomfy.com/install.sh | sh).
  • [EXTERNAL_DOWNLOADS]: Recommends installing the @runcomfy/cli package from the official NPM registry.
  • [DATA_EXFILTRATION]: Accesses the tool's local configuration file for authentication (~/.config/runcomfy/token.json) and communicates with the vendor's official API endpoints at *.runcomfy.net and *.runcomfy.com for model processing and file downloads.
  • [PROMPT_INJECTION]: The skill processes untrusted user input including text prompts and image URLs, which constitutes an indirect prompt injection surface.
  • Ingestion points: User-supplied text and URLs enter the agent context via the --input flag in SKILL.md.
  • Boundary markers: Prompts are encapsulated within a structured JSON string (e.g., {"prompt": "..."}).
  • Capability inventory: The skill can execute the runcomfy CLI tool using the Bash tool as defined in the YAML frontmatter.
  • Sanitization: Documentation specifies that the CLI transmits the JSON body directly to the API without performing shell expansion, which mitigates standard command injection risks.
Recommendations
  • HIGH: Downloads and executes remote code from: https://runcomfy.com/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: May 14, 2026, 10:44 AM