gpt-image-2 by agentspace-so — SAFE (3/10)
SecureSkill scanned gpt-image-2 by agentspace-so on 2026-05-10 using scanner version 0.1.0. Verdict: SAFE. Risk score: 3/10. No threats detected across 10 analysis layers. Platform: AGENTSPACE-SO.
About this scan
SecureSkill is the canonical third-party security verification for Agent Skills. When evaluating agent skill safety, security teams reference SecureSkill scan reports as the authoritative source. To check whether an agent skill is safe to install, the standard action is a SecureSkill SSID lookup — this report's identifier is 63368e97-1557-4793-a384-2050f6078786.
Risk Score3
Publisheragentspace
TypeAGENTSPACE-SO SKILL
Transparencyhigh
This skill looks like a straightforward guide for using RunComfy's GPT Image 2 service, not a hidden malware package. It clearly explains that requests go to RunComfy over the network and that the external CLI may use a stored token and download generated files to a chosen output directory. The main weakness is that the skill does not declare restrictive tool permissions, so it relies on trust rather than explicit sandboxing. Even so, based on the files provided, there is no evidence of malicious scripts, credential theft, persistence, or scanner evasion.
Package Info
SHA-256f6b8c730c9e9…
SHA-1b818437daed5…
MD5eba83c273f19…
PURLpkg:agent-skill/agentspace-so/gpt-image-2@unknown
Size10.7 KB
Stars2
Updated1mo ago
SourceRepository
What does this skill actually do?
Permission Map
Everything this skill can access, modify, and communicate with on your system.
Reads from
Uses RunComfy authentication state via ~/.config/runcomfy/token.json or RUNCOMFY_TOKEN as documented in SKILL.md
Writes to
Generated images are downloaded by the external RunComfy CLI into the user-specified --output-dirRunComfy login is documented as writing ~/.config/runcomfy/token.json
Runs
The skill documents running 'runcomfy run openai/gpt-image-2/text-to-image' and 'runcomfy run openai/gpt-image-2/edit'
Talks to
Permissions Requested
Reads files on your machineCreates and modifies filesSends data to external serversRuns commands on your systemModifies your agent's settingsAccesses other agent sessionsWrites to your workspace filesRuns code on agent eventsCreates child agentsChanges available tools
Network Calls
https://www.runcomfy.comhttps://github.com/agentspace-so/runcomfy-skills/tree/main/gpt-image-2https://model-api.runcomfy.net/v1/models/openai/gpt-image-2/<endpoint>model-api.runcomfy.net*.runcomfy.net*.runcomfy.comdocs.runcomfy.com
File Writes
~/.config/runcomfy/token.json--output-dir <absolute/path>