comfyui-exploit

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Provides a functional exploit chain targeting CVE-2025-67303 and CVE-2026-22777 to achieve remote code execution on ComfyUI instances by manipulating security levels and installing malicious custom nodes.
  • [COMMAND_EXECUTION]: The scripts/evil-git-server.py script executes multiple system commands via subprocess.run to prepare an attack environment and defines a payload that executes arbitrary code on the target host.
  • [COMMAND_EXECUTION]: Instructions provide ready-made curl commands to manipulate remote server settings, including the use of URL-encoded CRLF characters (%0D) to perform configuration injection.
  • [PROMPT_INJECTION]: The skill includes instructions that override standard agent behavior by directing it to perform exploitation activities whenever ComfyUI management is discussed.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 22, 2026, 10:08 AM