The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses dynamic context injection to run find and grep commands at load time for project environment discovery. These operations are benign and intended for identifying the project language and existing configuration files.\n- [EXTERNAL_DOWNLOADS]: The skill installs feature flag SDKs and providers from official package registries (NPM, PyPI) and official tool repositories (GitHub). These include standard OpenFeature implementations which are safe and expected for this functionality.\n- [PROMPT_INJECTION]: A low-severity surface for indirect prompt injection exists as the skill ingests data from untrusted project metadata files like package.json, pyproject.toml, and docker-compose.yml.\n
Ingestion points: Manifest and configuration files in the project root.\n
Boundary markers: None present.\n
Capability inventory: The agent can execute Bash, Write, and Edit commands, potentially allowing modification of the environment based on instructions hidden in project files.\n
Sanitization: No content validation is performed on the ingested metadata files.

configure-feature-flags