controlnet-pose

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the @runcomfy/cli package from npm or use npx. This is a standard method for accessing the vendor's official command-line interface.
  • [COMMAND_EXECUTION]: Execution is limited to the runcomfy binary via the allowed-tools configuration. The skill provides specific examples for running model inference and managing login sessions.
  • [CREDENTIALS_UNSAFE]: The skill mentions that the API token is stored locally at ~/.config/runcomfy/token.json or can be provided via the RUNCOMFY_TOKEN environment variable. This follows standard security practices for CLI authentication and does not involve hardcoded secrets.
  • [DATA_EXFILTRATION]: Network operations are restricted to runcomfy.com and runcomfy.net domains, which are the service's official infrastructure. No unauthorized data exfiltration patterns were detected.
  • [PROMPT_INJECTION]: The skill identifies the surface for indirect prompt injection from third-party media URLs and provides explicit instructions for the agent to only process user-provided links and verify outputs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 06:43 PM