comfyui-operator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The
start_comfyui.pyscript usessubprocess.Popento launch the ComfyUI server. It identifies the correct executable (e.g.,run_nvidia_gpu.batorComfyUI.exe) by searching standard installation paths or using a user-provided path. This behavior is necessary for the skill's primary function and is performed without elevated privileges. - [EXTERNAL_DOWNLOADS]: The skill requires standard Python packages (
requestsandwebsocket-client) which are typical for API interactions. It does not perform any unauthorized remote script execution or download untrusted binaries. - [PROMPT_INJECTION]: The
SKILL.mdfile contains operational constraints (e.g., instructions on how to handle seeds and prompt appending). These are benign guidelines designed to ensure the AI agent interacts with the ComfyUI API predictably and safely without overriding core agent instructions. - [DATA_EXFILTRATION]: Network operations are restricted to
127.0.0.1(localhost) on ports 8188 and 8000 to communicate with the local ComfyUI instance. No sensitive data is transmitted to external domains.
Audit Metadata