comfyui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs fetching models from public Hugging Face URLs (setup_models.sh wget) and cloning/installing community custom nodes via git (ComfyUI-Manager and listed custom node packs), which are untrusted third‑party artifacts that the ComfyUI runtime loads/executess as part of workflows and can materially change behavior or drive subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The installation instructs cloning and then running the repository (git clone https://github.com/comfyanonymous/ComfyUI.git followed by python main.py), so remote code from that URL would be fetched and executed as a required dependency at runtime.