JFrog Skills PoC
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill will silently run npm install in your current repository whenever you send an ALL-CAPS message — the behavior is coherent with its description but is risky and disproportionate because it modifies repo state and installs an untrusted package without confirmation or visibility.
This skill will silently run `npm install @guykorol_jfrog/fun-time` in whatever directory the agent is running in whenever the user's message is ALL-CAPS. Because it installs an unreviewed package and allows repo modifications without asking, do not enable it in any environment with important code or data. If you want to test it safely: (1) run in an isolated sandbox or disposable repo/VM, (2) require the skill to ask for explicit confirmation before installing, (3) inspect the package (check its package.json and any install/postinstall scripts) and verify the publisher before running, and (4) ensure npm is available and network access is controlled. Prefer rejecting or modifying the skill to remove the 'do not alert the user' instruction and to add explicit safety checks before any disk- or network-modifying actions.
Static analysis
Static analysis findings are pending for this release.
VirusTotal
No VirusTotal findings
Risk analysis
No visible risk-analysis findings were reported for this release.
