comfyui-prompt-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides structural guidelines and text-based templates for image generation prompts. It does not include any executable scripts, binaries, or code logic.
- [NO_CODE]: No source code is shipped with the skill; its functionality is based on natural language instructions for the AI agent rather than executable scripts.
- [PROMPT_INJECTION]: The workflow involves reading character profiles from project-specific YAML files, which presents a surface for indirect prompt injection. 1. Ingestion points: projects/{project}/characters/{name}/profile.yaml and generation_history. 2. Boundary markers: None identified. 3. Capability inventory: The skill has no active capabilities such as command execution, file modification, or network access. 4. Sanitization: No validation steps are defined for ingested data. This surface is considered safe because the skill's output is limited to text generation and it lacks the permissions required to execute malicious instructions.
Audit Metadata