comfy-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs fetching and installing models and custom nodes from public third‑party sources (CivitAI, Hugging Face, and arbitrary URLs) via commands like "comfy model download --url" and "comfy node install ", which ingests untrusted user-generated content that can change runtime behavior.