video-outpainting

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the @runcomfy/cli package from the official NPM registry to enable video processing capabilities.
  • [COMMAND_EXECUTION]: The skill uses the runcomfy CLI to perform video outpainting, which involves executing shell commands with restricted parameters through the RunComfy binary.
  • [DATA_EXFILTRATION]: The skill performs network operations to official runcomfy.com and runcomfy.net domains to transmit video processing parameters and download the resulting media files.
  • [PROMPT_INJECTION]: The skill ingests external video URLs, which constitutes a potential indirect prompt injection surface.
      • Ingestion points: Untrusted data enters the agent context via the video_url parameter in the runcomfy run command input (SKILL.md).
      • Boundary markers: The skill uses JSON structured data to pass inputs to the CLI, providing clear separation between instructions and data.
      • Capability inventory: The runcomfy tool performs network operations and file writes (SKILL.md).
      • Sanitization: The skill includes documentation asserting that the CLI does not perform shell-expansion and provides instructions for the agent to only use explicitly provided user URLs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 09:42 PM