Skills
skills/jtydhr88/comfyui-custom-node-skills/comfyui-node-frontend/Gen Agent Trust Hub

comfyui-node-frontend

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The documentation defines an architecture for frontend extensions that facilitates the ingestion of untrusted data from the server, creating a surface for indirect prompt injection or cross-site scripting (XSS).
  • Ingestion points: SKILL.md describes the use of app.api.addEventListener("executed", ...) to receive arbitrary node outputs from the backend.
  • Boundary markers: There are no instructions or patterns provided for delimiting or validating this external content within the extension context.
  • Capability inventory: api-reference.md documents high-privilege methods such as fetchApi for authenticated network requests and storeUserData for server-side file manipulation.
  • Sanitization: Code examples in SKILL.md demonstrate the use of innerHTML for UI rendering, which can be exploitable if populated with untrusted data from the server without sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 09:24 PM