The Agent Skills Directory

[COMMAND_EXECUTION]: The Python script scripts/generate.py executes shell commands via subprocess.run(shell=True) to detect the operating system's locale (e.g., locale, defaults read). Although these commands are sourced from the internal config.yaml file and not from user input, use of the shell is a sensitive operation.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data to generate system-level instructions for the agent.
Ingestion points: ProjectAnalyzer._parse_readme in scripts/generate.py reads the project name and the first paragraph of any existing README.md file.
Boundary markers: The extracted project description is interpolated into the {项目描述} or {核心功能描述} placeholders in templates/AGENTS.md.template and templates/README.md.template without surrounding boundary markers or instructions to ignore embedded commands.
Capability inventory: The skill has the capability to write files to the project directory and execute shell commands for system environment detection.
Sanitization: Project names are sanitized using regular expressions, and descriptions are truncated to 200 characters. However, there is no validation to ensure the extracted text does not contain malicious instructions that could override agent behavior once the generated AGENTS.md is loaded as a 'Single Source of Truth'.

init-project