init-project-docs
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to gather project context, including reading git configuration, package metadata, and project planning files. It specifically invokes external CLI tools such as 'glab' and 'gh' to interact with repository APIs.
- [DATA_EXFILTRATION]: The skill accesses personally identifiable information (PII) from the local git configuration, specifically 'user.name' and 'user.email'. This information is used to populate a team table in the generated 'README.md', which could result in the unintended public exposure of these details.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests data from several external project files and interpolates it into its processing instructions without using sanitization or boundary markers.
  - Ingestion points: 'package.json', 'CLAUDE.md', '.planning/ROADMAP.md', '.planning/PROJECT.md', '.planning/STATE.md', and '.linear-project'.
  - Boundary markers: No explicit markers are used to isolate untrusted content from the system instructions.
  - Capability inventory: The skill possesses 'Write', 'Edit', and 'Bash' capabilities, which could be exploited through a successful injection.
  - Sanitization: No sanitization of the ingested content is performed.