project-initializer

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute ls -la and mkdir -p for directory management and verification. These commands are used to create the scaffolding for the project structure.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: Accesses a local project registry file at ~/.claude/drupal-dev-framework/active_projects.json to store and retrieve project metadata and base paths. This is used for local state persistence within the agent's workspace.
  • [PROMPT_INJECTION]: The skill implements a security control by validating the user-provided project_name against a strict regular expression (^[a-z][a-z0-9_]*$) before it is used in any shell commands, effectively preventing command injection attacks.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes data from a local JSON registry file.
      • Ingestion points: Data is read from ~/.claude/drupal-dev-framework/active_projects.json during the initialization and registration steps.
      • Boundary markers: The skill relies on a structured JSON schema to parse and validate the registry content.
      • Capability inventory: The skill possesses the ability to execute shell commands (Bash), write files (Write tool), and read files (Read tool).
      • Sanitization: Input validation is present for the project name, though the storage path (projectsBase) relies on user input or the existing registry value.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 12:29 AM