project-onboarding

The skill footprint is coherent with its stated purpose of onboarding IDEA projects using internal tooling. Data flows are largely local (filesystem-based) with modular orchestration through dedicated sub-skills, and there are no obvious credential exfiltration or external communication patterns. The main risk is potential command-injection surface if user input can influence the exact commands executed during onboarding, especially around vault handling or dry-run/verbose options. Overall, the skill is BENIGN with MEDIUM Security Risk due to actionable shell/tool invocations and the vault onboarding path requiring careful handling.