comfyui-node-lifecycle
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines an output node structure (SaveMyData) that ingests untrusted data through filename and data parameters. This represents an indirect prompt injection surface where malicious inputs could influence file system operations.
  - Ingestion points: filename and data inputs in the SaveMyData.execute method within SKILL.md.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the provided templates.
  - Capability inventory: The execute method performs file-write operations using the Python open function.
  - Sanitization: The example code lacks path sanitization or validation for the filename input, which could be exploited for path traversal.