init-python-project

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform project setup and maintenance tasks. This includes executing environment commands like uv init, uv sync, and uv pip install, as well as running a bundled Python scaffolding script and development gates such as ruff, mypy, pytest, and pre-commit.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of external software artifacts and code. It uses the uv package manager to fetch dependencies from official registries and the git tool to clone or submodule external repositories from GitHub based on user-provided URLs. These interactions target well-known and established services.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-controlled data—specifically the project name, description, and author information—directly into project files like README.md, AGENTS.md, and CLAUDE.md. These files are intended to provide instructions for future agent sessions, and malicious content in these fields could influence subsequent agent behavior.
    • Ingestion points: Project metadata gathered from user input during the Step 1 interactive phase.
    • Boundary markers: Absent; user input is rendered directly into text templates using {{VAR}} markers.
    • Capability inventory: The skill possesses extensive command execution and file manipulation capabilities across the project directory.
    • Sanitization: Absent; the skill performs direct string replacement without validation or escaping of the user-provided text.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 14, 2026, 06:19 PM