using-flowerpower

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Utility scripts in the scripts/ directory utilize subprocess.run to execute the flowerpower CLI and install the framework via pip. These interactions are used for project lifecycle management and use safe execution patterns (argument lists) that prevent shell injection.
  • [EXTERNAL_DOWNLOADS]: The init_project.py script installs the flowerpower package and its optional components (io, ui) from the official Python package index. This is the legitimate core framework authored by legout for this skill.
  • [PROMPT_INJECTION]: The skill's architecture for processing data from S3 buckets and APIs represents a potential surface for indirect prompt injection.
      • Ingestion points: Untrusted data is loaded via pl.scan_parquet(source_uri) and fetch_external_api(url) within the pipeline examples.
      • Boundary markers: No explicit instruction delimiters are provided in the templates; however, data is typically handled within structured Polars DataFrames.
      • Capability inventory: The framework allows for subprocess execution (via scripts), network requests (requests), and file system writes (polars).
      • Sanitization: The skill explicitly includes and documents data validation patterns using the Pandera library (e.g., validate_schema in SKILL.md) to ensure that ingested data meets expected schemas.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 06:13 PM