project-setup

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Grants execution permissions using chmod +x to shell scripts installed to the .claude/hooks/ directory to enable their use as agent hooks.
  • [COMMAND_EXECUTION]: Configures automated command execution in .claude/settings.json, linking the installed shell scripts to agent events such as PreToolUse, PostToolUse, and Stop.
  • [EXTERNAL_DOWNLOADS]: Locates and copies scripts and configuration files from the sd0x-dev-flow plugin directory (identified in ~/.claude/plugins/ or node_modules/) into the project environment, introducing external logic into the local repository.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection during the project detection and configuration phase.
      ◦ Ingestion points: Manifest files such as package.json, pyproject.toml, and Cargo.toml (analyzed in Phase 1).
      ◦ Boundary markers: Absent; the skill performs direct string replacement of placeholders in the CLAUDE.md template.
      ◦ Capability inventory: The skill has access to Bash, Write, and Edit tools to modify project behavior.
      ◦ Sanitization: No validation or escaping is applied to values extracted from external project manifests before they are integrated into the persistent CLAUDE.md configuration file.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 06:41 AM