comfyui-research
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill monitors official repositories and community channels on reputable platforms including GitHub, HuggingFace, and YouTube. All monitored sources are relevant to the primary purpose of AI research and development.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as its core function is to ingest untrusted data from external sources.
- Ingestion points: Processes YouTube transcripts, GitHub release notes, and HuggingFace model cards.
- Boundary markers: No explicit delimiters or boundary markers are defined to isolate external data from system instructions.
- Capability inventory: Updates local markdown reference files and provides updated knowledge to downstream skills.
- Sanitization: No sanitization or validation mechanisms are described for the extracted external content.
- [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration. The skill interacts with local markdown files to maintain its internal state and knowledge base.
- [NO_CODE]: The skill consists entirely of markdown instructions and a YAML configuration file. No executable Python, JavaScript, or shell scripts are provided in the skill package.
Audit Metadata