flux-kontext

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security vulnerabilities or malicious patterns were identified in the skill metadata or instructions. The skill is consistent with its stated purpose.
  • [COMMAND_EXECUTION]: Defines command-line invocations for the runcomfy CLI to submit image-editing tasks to a remote server.
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of the @runcomfy/cli package from the official npm registry as a prerequisite.
  • [PROMPT_INJECTION]: The skill documents an attack surface for indirect prompt injection through user-supplied prompts and source images.
      1. Ingestion points: User-supplied prompt and image URL entering the command context in SKILL.md examples.
      2. Boundary markers: The CLI tool encapsulates inputs within a JSON string for the --input argument.
      3. Capability inventory: The skill performs network operations to model-api.runcomfy.net and file-write operations to a local --output-dir.
      4. Sanitization: Documentation explicitly states the CLI tool avoids shell expansion by transmitting the raw JSON body directly to the API over HTTPS.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 04:57 AM