gpt-image-2
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing the `runcomfy` CLI tool. This command-line interface is used to send image generation requests and download the resulting assets to a specified local directory.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@runcomfy/cli` tool from the npm registry. It also facilitates the download of generated image files from the vendor's authorized domains, specifically `*.runcomfy.net` and `*.runcomfy.com`.
- [PROMPT_INJECTION]: The skill processes untrusted user data, including text prompts and external image URLs, which are then passed to the CLI. The documentation specifies that the tool avoids shell expansion by transmitting these inputs as structured JSON, mitigating common command injection and indirect prompt injection vectors.
Audit Metadata