gpt-image-edit

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the runcomfy CLI tool to perform image editing operations. The instructions use a structured JSON input pattern to pass parameters to the CLI, minimizing the risk of shell injection.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @runcomfy/cli Node.js package from the official npm registry. It also involves fetching image data from user-provided HTTPS URLs, which is a core part of its intended functionality.
  • [SAFE]: All network operations are restricted to official RunComfy domains (runcomfy.net and runcomfy.com), which are legitimate endpoints for the service provided by the vendor.
  • [SAFE]: Secret management is handled securely by encouraging the use of environment variables (RUNCOMFY_TOKEN) or configuration files with restricted owner-only permissions (0600), preventing unauthorized access to API tokens.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 06:40 AM