The Agent Skills Directory

[SAFE]: The skill documents the use of the official @runcomfy/cli and runcomfy.com endpoints, which are legitimate resources belonging to the skill's author, runcomfy-com.
[COMMAND_EXECUTION]: The skill provides examples of using the runcomfy CLI to execute tasks. The documentation explicitly notes that user input is passed as a JSON string to the CLI to avoid shell injection vulnerabilities.
[CREDENTIALS_UNSAFE]: The skill describes the management of API tokens via ~/.config/runcomfy/token.json (with owner-only permissions) or the RUNCOMFY_TOKEN environment variable. This is a standard and secure method for managing CLI credentials for the vendor's service.
[PROMPT_INJECTION]: The skill acknowledges the risk of indirect prompt injection through external media URLs (image/video/audio) processed by the model. This is documented as a known risk factor of multi-modal AI models rather than a malicious feature of the skill itself.

seedance-v2