nano-banana-2

Fail

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines several patterns for executing the runcomfy CLI tool where user-provided input is interpolated directly into a shell command line (e.g., runcomfy run ... --input '{"prompt": "<user prompt>"}'). This is a classic command injection vulnerability: if a user provides a prompt containing a single quote or shell metacharacters (like '; touch /tmp/pwned; '), the agent will generate a command that executes arbitrary shell code on the user's machine.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to install an external dependency, the @runcomfy/cli Node.js package, using npm i -g @runcomfy/cli. It also downloads generated image assets from remote domains (runcomfy.net and runcomfy.com) to a user-specified local directory.
  • [DATA_EXFILTRATION]: The skill interacts with sensitive local data by reading an API token from ~/.config/runcomfy/token.json or the RUNCOMFY_TOKEN environment variable. While this is necessary for the service to function, the combination of this access with the command injection risk and the ability to specify an arbitrary --output-dir (which could allow overwriting sensitive system files) presents a significant attack surface.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 30, 2026, 06:42 AM