nano-banana-edit
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the `runcomfy` CLI and `npx` for package installation and model execution.
- [EXTERNAL_DOWNLOADS]: The skill identifies the `@runcomfy/cli` tool as a dependency from the npm registry and processes external image data from user-provided HTTPS URLs.
- [PROMPT_INJECTION]: The documentation identifies the potential for indirect prompt injection via untrusted image URLs and includes guidance on treating external content as untrusted, representing a defensive best practice.
- [SAFE]: All functionality described is consistent with the skill's primary purpose of providing an interface to the RunComfy service. Authentication and data handling follow standard practices for CLI-based service integration.
Audit Metadata