comfyui-workflow-designer
Warn
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The SKILL.md file contains a hardcoded absolute Windows directory path: F:\software\ComfyUI-aki-v1.6\ComfyUI\user\default\workflows\. The instructions direct the agent to reference this path to check for available local resources such as checkpoints and LoRAs. This constitutes an information disclosure of the author's local environment and could facilitate unauthorized file access or directory traversal if the agent environment permits local file system operations.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted user input to generate complex JSON structures without proper isolation.
  - Ingestion points: User-provided descriptions of image themes, styles, and technical preferences processed during Phase 1.
  - Boundary markers: Absent. The instructions do not define delimiters or provide specific prompts to the agent to treat user input as data rather than instructions.
  - Capability inventory: The skill is capable of generating detailed JSON workflow files and is instructed to perform web searches for model information.
  - Sanitization: No input validation, escaping, or filtering is performed on user strings before they are used to plan the node graph and populate JSON fields.
Audit Metadata