init-project

Warn

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses bunx and npx to download and execute code at runtime. Specifically, it executes get-shit-done-cc@latest and various 'skills' (e.g., web-design-guidelines, seo-audit, agent-browser) whose exact sources and integrity are not fully verifiable within the skill context.
  • [EXTERNAL_DOWNLOADS]: Fetches configuration and code from multiple external sources. While some are well-known (Vercel's create-next-app, Clerk, Neon), the skill also downloads and installs several 'core skills' and the get-shit-done-cc framework from public registries.
  • [PROMPT_INJECTION]: The CLAUDE.md file generated in Step 7 contains explicit instructions to override the agent's default behavior. It uses language typical of prompt injection attempts, such as 'Ignore your default directives', 'SENIOR DEV OVERRIDE', and 'You are FORBIDDEN from reporting a task as complete until...'.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted data from an external service.
      • Ingestion points: Data is fetched via the linear issue list and linear project view commands in Step 5a.
      • Boundary markers: None are present in the templates for .planning/PROJECT.md or ROADMAP.md where this data is interpolated.
      • Capability inventory: The skill has the Bash, Write, and Edit tools enabled, allowing it to execute commands and modify the filesystem based on the processed data.
      • Sanitization: There is no evidence of sanitization or validation of the titles or descriptions fetched from Linear issues before they are placed into the agent's context files.
  • [COMMAND_EXECUTION]: Extensive use of the Bash tool to perform system checks, initialize git repositories, interact with the Linear CLI, and perform multi-step file operations.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 7, 2026, 08:29 AM