skills/huangwb8/skills/init-project/Gen Agent Trust Hub

init-project

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/generate.py executes system commands (e.g., locale, defaults read) to detect the operating system's language. This information is used to set the default language in the generated documentation. The commands are predefined in config.yaml and do not include untrusted user input.
  • [SAFE]: The skill implements a robust security boundary in scripts/generate.py via the validate_output_dir method. This check ensures that all file creation and modification tasks are strictly confined to the current working directory or its subdirectories, preventing unauthorized access to other parts of the filesystem.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting content from local README.md files and incorporating it into the generated AI instructions.
      • Ingestion points: The ProjectAnalyzer._parse_readme method in scripts/generate.py reads from README.md and its variants.
      • Boundary markers: None; the extracted content is placed directly into template placeholders like {项目描述}.
      • Capability inventory: The skill has the ability to write files to the disk and execute local shell commands for environment detection.
      • Sanitization: Extracted descriptions are truncated to 200 characters to limit the impact of potential injection, and project names are sanitized to remove special characters.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 09:21 AM