wan-2-7
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of the
runcomfyCLI tool. It provides examples of how the agent should construct commands to generate videos, using a JSON-formatted string for inputs to prevent shell injection.- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the@runcomfy/clipackage via NPM. It also specifies that generated video outputs are downloaded from authorized domains (*.runcomfy.netand*.runcomfy.com).- [CREDENTIALS_UNSAFE]: The skill mentions the storage of API tokens in~/.config/runcomfy/token.jsonor via theRUNCOMFY_TOKENenvironment variable. It correctly uses placeholders for these sensitive values and describes standard local security measures (mode 0600).
Audit Metadata