repo-ai-setup
Audited by Socket on Mar 2, 2026
1 alert found:
Security

Functionally, the script/plan is coherent and performs expected repository modifications (AGENTS.md creation, CLAUDE.md symlink, and workflow installation). The primary security issue is intentional: the optional subagent (`claude -p "/init"`) and the installed GitHub Action both create legitimate channels that may transmit repository contents and PR data to Anthropic/Claude. There is no sign of hidden malicious code or obfuscation. Recommended mitigations before enabling: review the workflow template contents carefully, ensure the workflow only sends minimal necessary data (apply explicit allowlist/denylist patterns), do not include secrets or sensitive files in the subagent input, and require manual review/commit of generated files. If the repository contains secrets, proprietary code, or regulated data, do not run the `claude` subagent or enable the workflow without additional sanitization safeguards.