project-init-orchestrator
Audited by Socket on Feb 15, 2026
1 alert found:
Malware
This skill's documented capabilities are broadly coherent with its stated purpose (project orchestration). However, there are suspicious and high-risk operational choices: executing scaffold scripts from ~/.claude/skills/* and copying user agent configuration directories (.claude/, .codex/, .cursor/) into the project are both operations that exceed the minimal needs of a project init tool and can expose sensitive data or allow arbitrary code execution. The skill should require explicit user consent before executing home-hosted scripts, avoid blind copying of agent config directories (or at least warn and offer selective inclusion), and recommend integrity checks or pinned package versions for installs. Overall: not overtly malicious in the description, but the described behavior is potentially dangerous in practice and should be treated with caution.