comfy-swap

Fail

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: HIGH

Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill includes an installation script (scripts/install.py) that downloads a binary and executes it to verify the version.
    • Evidence: The script fetches a binary from github.com/kamjin3086/comfy-swap and executes it using subprocess.run to extract version information.
    • Risk: The script contains logic to explicitly disable SSL verification (ssl.CERT_NONE) if a secure connection fails, allowing potential delivery of a malicious binary via an intercepted network connection.
  • [EXTERNAL_DOWNLOADS]: The skill relies on fetching components and updates from external network locations.
    • Evidence: The install.py script downloads binaries and metadata from GitHub's release API.
    • Evidence: The setup.md instructions guide the agent to perform binary upgrades using a built-in download command.
  • [COMMAND_EXECUTION]: The skill makes extensive use of system commands to manage the installation environment.
    • Evidence: The installation script and setup guide use chmod +x to grant execute permissions to downloaded files.
    • Evidence: The skill modifies system shell profiles (e.g., ~/.bashrc, ~/.zshrc) to update the user's PATH variable.
    • Evidence: The skill uses pkill and taskkill to terminate running processes during upgrades.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing external data.
    • Ingestion points: Data enters the agent context through the comfy-swap list, comfy-swap logs, and comfy-swap info commands in SKILL.md.
    • Capability inventory: The skill can execute CLI commands, write files to disk, and modify environment configurations, as documented in references/cli-reference.md.
    • Sanitization: There is no evidence that content returned by the ComfyUI API or logs is sanitized or validated before it is processed by the LLM.
    • Boundary markers: No explicit delimiters or protective instructions are used when interpolating external tool output into the prompt.
Recommendations
  • HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 23, 2026, 02:44 AM