comfyui
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The scripts/download_weights.py script automatically fetches the pget binary from Replicate's GitHub repository to facilitate parallel weight downloads if the tool is not locally available.
- [REMOTE_CODE_EXECUTION]: The SKILL.md file instructs the agent to clone the ComfyUI source code and install its dependencies using pip from an external repository, which is a standard setup procedure for this tool.
- [COMMAND_EXECUTION]: The skill uses subprocess.run to execute the downloaded pget utility and employs os.chmod to modify file permissions during the setup process.
- [COMMAND_EXECUTION]: Agent instructions in SKILL.md require the execution of shell commands to start and manage the local ComfyUI server and to run the provided Python scripts.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted workflow JSON data supplied by users. Malicious instructions could be embedded in node metadata or string inputs.
- Ingestion points: User-supplied workflow JSON files and model weight URL lists described in SKILL.md.
- Boundary markers: None identified; the agent is instructed to directly inspect and modify the JSON content.
- Capability inventory: Subprocess execution in scripts/download_weights.py and shell command execution instructions in SKILL.md.
- Sanitization: None; the skill relies on the agent's internal logic to identify and edit specific JSON nodes.
Audit Metadata