ai-video-generation

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the @runcomfy/cli package from npm. This is a scoped package belonging to the vendor's own infrastructure.
  • [COMMAND_EXECUTION]: The agent uses the runcomfy CLI to perform video generation. Commands utilize the --input flag with structured JSON to pass parameters, effectively neutralizing shell injection risks from user-supplied prompt text.
  • [CREDENTIALS_UNSAFE]: Secret management follows best practices. The skill instructs that the API token be supplied through the RUNCOMFY_TOKEN environment variable or a local config file with restricted permissions (0600). It explicitly warns against echoing or logging the API token.
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface where third-party media (images/audio/video) could contain instructions intended to steer the model. It provides clear mitigation strategies, such as instructing the agent to only ingest user-provided URLs and prioritize the system prompt over asset content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 19, 2026, 10:38 PM