jfrog-provision-project

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the jf CLI and curl as a fallback to interact with the JFrog Platform's REST API. This is expected behavior for a provisioning tool.
  • [CREDENTIALS_UNSAFE]: Accesses .env files to load JFROG_ACCESS_TOKEN and JFROG_URL. This is documented as a standard and safe practice for local environment configuration and credential management.
  • [PROMPT_INJECTION]: The skill processes user-supplied inputs (display_name, description) that are interpolated into a shell command and JSON payload, which represents a potential surface for indirect injection.
      • Ingestion points: User-provided inputs defined in SKILL.md.
      • Boundary markers: Absent in the shell script implementation.
      • Capability inventory: jf and curl execution for network operations; source command for environment modification.
      • Sanitization: The PROJECT_KEY is strictly validated against a regex (^[a-z][a-z0-9]{2,31}$), but other metadata fields are used without explicit sanitization.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 03:44 PM