The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the runcomfy command-line interface to process image editing requests. This is the primary function and is performed using the vendor's own tools.
[EXTERNAL_DOWNLOADS]: The skill facilitates the download of generated image assets from the vendor's verified domains, specifically runcomfy.net and runcomfy.com.
[DATA_EXFILTRATION]: Analysis of token handling confirms that API credentials are managed securely. The skill documentation describes storing tokens with restricted file permissions (0600) or using environment variables, which avoids hardcoding sensitive information.
[PROMPT_INJECTION]: The skill processes user-supplied prompts and image URLs as ingestion points in SKILL.md. It incorporates defensive design by passing inputs as JSON to the CLI to mitigate shell injection risks and includes documentation regarding model-level image injection risks. The capability inventory includes the runcomfy CLI executing network requests and file downloads, but sanitization is handled by the remote model API which fetches external URLs rather than the local client.

flux-kontext