elevenlabs-music-generation

Pass

Audited by Gen Agent Trust Hub on May 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the runcomfy CLI to execute music generation tasks. The allowed-tools frontmatter correctly limits the Bash tool to only execute commands prefixed with runcomfy, which follows the principle of least privilege.
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install the @runcomfy/cli package from NPM. This is a standard method for installing developer tools from a public registry.
  • [CREDENTIALS_UNSAFE]: The skill references local storage of API tokens in ~/.config/runcomfy/token.json. It explicitly advises users on secure handling, such as setting file permissions to 0600 and avoiding logging the token, which aligns with security best practices for CLI tools.
  • [PROMPT_INJECTION]: No evidence of prompt injection or instructions to bypass safety guidelines was found. The skill's instructions focus entirely on the operational parameters for music generation.
  • [DATA_EXFILTRATION]: While the skill transmits user-provided prompts and lyrics to runcomfy.net, this is the intended functionality of the service. The documentation explicitly lists the allowed outbound endpoints, providing transparency into its network operations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 27, 2026, 11:00 AM
Security Audit — agent-trust-hub — elevenlabs-music-generation