ai-video-generation
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious instructions, bypass attempts, or safety filter overrides were detected in the prompt templates or documentation.
- [DATA_EXFILTRATION]: The skill communicates exclusively with the vendor's official domains (runcomfy.com and runcomfy.net). It provides clear warnings against insecurely handling API tokens and follows standard practices for secret management.
- [EXTERNAL_DOWNLOADS]: Dependencies are limited to the official vendor package (@runcomfy/cli) via standard package managers. No unverified remote script execution patterns (e.g., curl to bash) were found.
- [COMMAND_EXECUTION]: Shell access is strictly limited to the runcomfy CLI tool as defined in the allowed-tools configuration. The skill uses JSON-encoded input to ensure user prompts cannot be interpreted as shell commands.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external media URLs, which are a potential surface for indirect injection. It proactively identifies this risk in its security section and uses structured data boundaries to mitigate technical exploitation.
Audit Metadata