comfy-registry
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an ingestion surface for untrusted external data.\n
- Ingestion points: Metadata from the ComfyUI registry enters the agent context via
comfy_searchandcomfy_spectools.\n - Boundary markers: Absent; no delimiters or system instructions are defined to separate registry content from agent commands.\n
- Capability inventory: The skill is restricted to information retrieval and discovery; it does not define tools for command execution, file system modification, or network-based exfiltration.\n
- Sanitization: No validation or escaping of external strings is specified in the tool definitions.
Audit Metadata