comfyui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md and scripts explicitly accept arbitrary external model-weight URLs (download_weights.py / "Model weights from URLs") and require the agent to read and edit user-supplied workflow JSON (SKILL.md steps 1–2), meaning untrusted third‑party files are fetched/ingested and can materially change downstream generation or tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's download_weights.py can fetch and install/execute the pget binary at runtime from https://github.com/replicate/pget/releases/latest/download (and the SKILL.md also describes cloning and running https://github.com/comfyanonymous/ComfyUI.git during install), which means remote code/binaries are downloaded and executed as part of normal operation—constituting a direct runtime external dependency that executes remote code.