High-risk tools in ComfyUI Builder
7 of the 60 tools in ComfyUI Builder are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
build_workflowExecuteBuild a ComfyUI workflow from a template and parameters. Returns workflow JSON ready to execute or save. For txt2img_flux, call get_system_resources first and use only when flux...
-
execute_batchExecuteExecute multiple workflows in batch. Submits each workflow and waits for completion (polling). Optional concurrency and stop_on_error. Requires COMFYUI_HOST.
-
execute_chainExecuteExecute a chain of workflows in sequence. Each step runs after the previous completes. Use inputFrom and outputTo to pass the output image from one step to the next (e.g. txt2im...
-
execute_workflowExecuteSubmit a ComfyUI workflow to run. Returns prompt_id. Use get_execution_status(prompt_id) to check result. Requires COMFYUI_HOST and ComfyUI running.
-
execute_workflow_streamExecuteExecute workflow with streaming real-time progress updates. Requires WebSocket support. Returns result and progress event history. Use for monitoring execution progress. Require...
-
execute_workflow_syncExecuteSubmit a ComfyUI workflow and wait until execution completes with real-time progress (WebSocket if available, polling fallback). Returns prompt_id, status (completed/failed/time...
-
reload_comfyuiExecuteRestart ComfyUI so that newly installed custom nodes are loaded, then optionally sync them to the knowledge base. Requires COMFYUI_PATH (ComfyUI installation directory) and uses...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.