comfy-edit
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs users to clone multiple external GitHub repositories, including 'https://github.com/peteromallet/VibeComfy', 'https://github.com/kijai/ComfyUI-KJNodes', and several others from the 'banodoco' and 'purzbeats' organizations. While these are popular in the AI community, they are not on the developer's pre-approved 'Trusted Organizations' list.
- COMMAND_EXECUTION (MEDIUM): The 'MCP_SETUP.md' file creates and executes a shell script ('run_mcp.sh') and uses 'claude mcp add' to register it. This involves direct command-line operations that bypass standard package management safety checks.
- REMOTE_CODE_EXECUTION (MEDIUM): Multiple files ('MCP_SETUP.md', 'references/RECOMMENDED_PACKS.md') instruct the user to run 'pip install' on requirements files from these external repositories. If any of these repositories is compromised, the install step could execute arbitrary code.
- DATA_EXFILTRATION (SAFE): No explicit patterns of sensitive file access (like SSH keys or AWS credentials) or suspicious network exfiltration were detected.