smart-init

Warn

Audited by Socket on Mar 1, 2026

1 alert found:

Security (MEDIUM)
SKILL.md

The Smart Init skill spec is largely coherent with an autonomous initialization and knowledge-seeding purpose, including optional external tool installation (Context7 MCP) and local knowledge base generation. However, its emphasis on zero-friction, autonomous operation that writes to project artifacts and seeds Oracle without per-action user confirmation introduces governance and supply-chain risk. This design is suspicious rather than clearly benign, because autonomous actions that modify repository state and install external tooling can be misused if not properly gated. Recommend implementing explicit per-action approvals, clear dry-run modes, visible prompts for significant changes, and strict provenance checks for installed external tooling before enabling full autonomy.

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At
Mar 1, 2026, 05:30 PM
Package URL
pkg:socket/skills-sh/overlord-z%2Fclaudeshack%2Fsmart-init%2F@d295033ee2032331e36a5f3194fd7a7f18f86640