comfy-cli
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill facilitates the installation and execution of 'custom nodes' via comfy node install <name>. Since custom nodes are arbitrary Python scripts, an attacker could trigger the installation of malicious code by providing a compromised node name or registry entry.
- [EXTERNAL_DOWNLOADS] (HIGH): The command comfy model download --url <url> allows the agent to download files from any web address. This can be exploited to pull malicious binaries or scripts onto the local system.
- [CREDENTIALS_UNSAFE] (MEDIUM): The tool manages and stores sensitive API tokens for CivitAI and Hugging Face (civitai_api_token, hf_api_token). While necessary for gated models, these are stored in plaintext configuration files (config.ini), making them targets for exfiltration.
- [COMMAND_EXECUTION] (MEDIUM): The skill provides high-level commands for system-level operations, including launching background servers (comfy launch --background), stopping processes, and modifying the environment, which could be abused to disrupt the host system.
- [INDIRECT_PROMPT_INJECTION] (LOW):
  - Ingestion points: Processes workflow.json and snapshot.json files.
  - Boundary markers: None detected in documentation or command definitions.
  - Capability inventory: comfy node install-deps --workflow can trigger automated package installations based on file content.
  - Sanitization: No evidence of sanitization or validation of the workflow files before processing.
Recommendations
- AI detected serious security threats
Audit Metadata