init-project

Fail

Audited by Snyk on Apr 7, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill explicitly embeds "agent directives" that instruct agents to ignore system prompts and spawn sub-agents, and it modifies/merges agent permission files and copies user-local .claude content into the repo (then commits), which together create clear vectors for privilege escalation, covert data exfiltration of local/credential material, and a backdoor-like override of safety controls.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly runs Linear CLI commands in Step 5 ("Fetch Linear Project Data" using linear project view and linear issue list) and then reads and infers from issue titles, descriptions, and milestones to generate PROJECT.md/ROADMAP.md and drive subsequent actions, meaning it ingests user-generated third-party content that can materially influence agent behavior.

Issues (2)

CRITICAL E006: Malicious code pattern detected in skill scripts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 7, 2026, 08:29 AM
Issues: 2