codex-pet
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to perform image processing and file management. It uses variables derived from user input (e.g., PET_NAME, PET_DESC, SOURCE_URL) which are interpolated into shell commands. This creates a potential command injection surface if the input is not sanitized, as seen in the usage of $PET_NAME within mkdir and path construction.
- [EXTERNAL_DOWNLOADS]: The skill relies on external software, specifically the @runcomfy/cli Node.js package and the imagemagick system binary. These are necessary for the skill's primary function but represent external dependencies.
- [DATA_EXFILTRATION]: The skill facilitates the transmission of a user-provided image URL to the RunComfy API for remote processing. While this is the intended functionality of the skill, it involves an external data flow to the vendor's infrastructure.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Untrusted data (the SOURCE_URL) is interpolated directly into a JSON input for an image generation model without explicit boundary markers or sanitization, which could potentially be used to influence the model's behavior via metadata or image content.
Audit Metadata