High-risk tools in ComfyUI MCP Server
4 of the 14 tools in ComfyUI MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
comfy_cancel_generationExecuteCancel a specific generation or interrupt the currently executing generation. Can optionally remove from queue.
-
comfy_wait_for_completionExecuteBlock until a generation completes or fails. Returns final outputs with image paths. Useful for synchronous workflows.
-
comfy_generate_simpleExecuteQuick image generation using pre-configured workflow templates (flux_txt2img, sd15_txt2img, sdxl_txt2img, basic_img2img). Ideal for common use cases without managing workflow JSON.
-
comfy_submit_workflowExecuteSubmit a complete workflow JSON to ComfyUI for execution. Supports parameter overrides for dynamic modifications without editing the workflow structure.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.