cli-anything-comfyui
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the cli-anything-comfyui Python package. This package is the primary tool for the skill and originates from the same author, representing a standard dependency for its intended functionality.
- [COMMAND_EXECUTION]: The skill utilizes a series of CLI commands to manage generation workflows, monitor system statistics, and handle image files. These operations involve executing the cli-anything-comfyui binary on the host system to interact with the local ComfyUI REST API.
- [DATA_EXPOSURE]: The skill interacts with a ComfyUI server running on the local network (http://localhost:8188). It sends workflow data to this endpoint and downloads generated images from it to local file paths specified by the user.
- [PROMPT_INJECTION]: The skill processes workflow JSON files that define node graphs for image generation, creating a surface for indirect prompt injection.
  - Ingestion points: Workflow JSON files ingested via the load command or the --workflow argument in the queue prompt command.
  - Boundary markers: The skill does not define specific markers or delimiters to differentiate between workflow data and potential instructions embedded within the JSON structure.
  - Capability inventory: The skill has the capability to execute generation prompts, clear queues, and write files (images) to the local file system.
  - Sanitization: No sanitization or validation logic is explicitly described for the JSON content before it is processed and sent to the local server API.
Audit Metadata