runninghub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The AI Application flow in references/ai-application.md (and SKILL.md) clearly instructs the agent to list/fetch RunningHub AI apps and their metadata/cover images from runninghub.cn (user-created ComfyUI workflows), read node fieldValue/description and use those values to construct --node/--file arguments to run apps, meaning untrusted, user-generated third‑party content is ingested and can directly influence tool execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly accepts RunningHub AI app links like https://www.runninghub.cn/ai-detail/1877265245566922800 and at runtime calls python3 {baseDir}/scripts/runninghub_app.py --info/--run to fetch the app's node prompt fields and execute the remote ComfyUI workflow, so the runninghub.cn AI app URL is fetched during runtime and directly controls prompts/executes remote code.