see-through-anime-layer-decomposition
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to clone external code from unverified third-party GitHub repositories, specifically 'https://github.com/shitagaki-lab/CubismPartExtr' and 'https://github.com/jtydhr88/ComfyUI-See-through'. These sources are outside the vendor's own namespace and the trusted organization list.
- [REMOTE_CODE_EXECUTION]: Models are automatically downloaded from unverified HuggingFace accounts ('layerdifforg' and '24yearsold') during first use. These models are essential for the skill's functionality but originate from unverified maintainers.
- [COMMAND_EXECUTION]: The skill uses
subprocess.runto execute various internal Python scripts (e.g., 'inference_psd.py', 'heuristic_partseg.py'). While using list arguments is a safer practice, the execution of these scripts is core to the workflow and involves processing external image files. - [COMMAND_EXECUTION]: Employs
importlib.utilfor dynamic module loading and execution of 'common/live2d/scrap_model.py'. This is a form of dynamic code execution that could be exploited if the local file system is compromised. - [PROMPT_INJECTION]: The skill processes untrusted external image data and decomposes it into layers through multiple automated steps. This creates an attack surface for indirect prompt injection where malicious instructions could theoretically be embedded in the input data (Category 8).
- Ingestion points: Image files specified via the
--srcpargument in multiple script calls. - Boundary markers: None identified in the provided prompt logic or script wrappers.
- Capability inventory: Subprocess execution, local file system writes to 'workspace/', and dynamic module loading.
- Sanitization: No explicit sanitization of input paths or image content is visible in the provided snippets.
Audit Metadata