comfyui-nodes-dev
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill facilitates the creation of Python-based nodes that ingest external data and have server-side execution capabilities. Evidence Chain:
  1. Ingestion points: Untrusted data enters via io.String.Input, io.Image.Input, and other schema-defined inputs listed in references/io-types.md.
  2. Boundary markers: The templates and reference documentation do not provide or suggest the use of delimiters or 'ignore' instructions for user-provided strings.
  3. Capability inventory: The execute() method in assets/v3_extension_template.py and references/v3-core.md allows for arbitrary Python execution on the host server.
  4. Sanitization: No input sanitization or validation patterns for preventing prompt injection in user strings are included in references/validation-and-caching.md.
- [Data Exposure & Exfiltration] (LOW): The skill documents the use of folder_paths in references/folder-paths-and-files.md to access local directories. While this is standard for ComfyUI, the capability to list and read from the local file system constitutes a data exposure surface that must be carefully scoped to avoid access to sensitive system files.
Recommendations
- AI detected serious security threats
Audit Metadata