initializing-projects

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates a .claude/settings.json file containing PostToolUse hooks. These hooks are configured to execute standard shell commands for code formatting and linting, such as npx prettier, npx @biomejs/biome, ruff, and black, targeting the files being edited.
  • [SAFE]: Performs local file system reads on project configuration files (e.g., package.json, pyproject.toml, go.mod, Cargo.toml) and documentation (e.g., README.md, ARCHITECTURE.md) to auto-detect the technology stack. This data is used solely for project initialization and documentation generation.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted local data from files like README.md to inform the generation of project rules.
      • Ingestion points: Reads project files including package.json, README.md, and the docs/ directory in Phase 1.
      • Boundary markers: None identified during the file scanning phase.
      • Capability inventory: Capable of writing and editing files (CLAUDE.md, .claude/settings.json) and defining executable hooks.
      • Sanitization: The skill incorporates a 'Phase 2: Interview' and 'Phase 5: Verification' where the user confirms the detected landscape and reviews the generated files before finalization, providing a manual validation checkpoint.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 06:07 AM