comfy-nodes
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill provides installation instructions and links for third-party GitHub repositories that are not included in the 'Trusted GitHub Organizations' list.
- Evidence:
references/PURZ_EXAMPLES.mdprovidesgit clonecommands forhttps://github.com/purzbeats/purz-comfyui-workflowsandhttps://github.com/purzbeats/ComfyUI-Purz. - Evidence:
references/OFFICIAL_DOCS.mdlinks to templates and resources athttps://github.com/Comfy-Org/andhttps://github.com/jtydhr88/. - [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface as it is designed to ingest untrusted user Python code and transform it into executable ComfyUI nodes.
- Ingestion points: The skill body in
SKILL.mdidentifies user-provided Python snippets as primary input for conversion (Step 1). - Boundary markers: Absent. There are no instructions to the agent to treat user-provided snippets as potentially adversarial or to ignore embedded instructions.
- Capability inventory: The resulting nodes are intended for execution on the user's ComfyUI server and have significant capabilities, including filesystem access via the
folder_pathsmodule and model management viacomfy.model_management(documented inreferences/NODE_TEMPLATE.md). - Sanitization: Absent. No instructions are provided to sanitize, escape, or validate the user-provided Python logic before wrapping it into the node template.
Audit Metadata