The Agent Skills Directory

COMMAND_EXECUTION (LOW): The skill utilizes run_in_terminal() to perform project setup tasks such as git init and uv sync. While these are standard operations for a project initializer, executing commands based on user-provided strings (like project_name) presents a surface for command injection if the agent does not sanitize the input.
INDIRECT PROMPT INJECTION (LOW): The skill ingests untrusted user data (project_name) and interpolates it directly into shell commands and file paths.
Ingestion points: User input for 'project_name'.
Boundary markers: Absent in the provided workflow logic.
Capability inventory: run_in_terminal(), create_directory(), create_file().
Sanitization: No explicit sanitization or validation of the project name is defined in the script.

project-init