The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The scripts/install.sh file uses curl to fetch a shell script from https://plannotator.ai/install.sh and pipes it directly into the bash interpreter. This pattern allows for the execution of arbitrary remote code on the host system without prior verification. A similar pattern is provided for Windows systems using PowerShell's iex command to execute a remote .ps1 script from the same domain.
[COMMAND_EXECUTION]: Several scripts, including scripts/setup-hook.sh, scripts/setup-gemini-hook.sh, and scripts/setup-codex-hook.sh, modify the internal configuration files of AI agents (~/.claude/settings.json, ~/.gemini/settings.json, and ~/.codex/config.toml). These modifications inject hooks that automatically trigger the execution of the plannotator command whenever the agent enters or exits specific modes.
[COMMAND_EXECUTION]: The scripts/configure-remote.sh script identifies and modifies the user's primary shell profiles (such as .zshrc, .bashrc, or .profile) to persist environment variables (PLANNOTATOR_REMOTE, PLANNOTATOR_PORT). Modifying shell initialization files is a technique used for persistence and can affect the security posture of the entire terminal environment.
[COMMAND_EXECUTION]: The skill uses Python one-liners to dynamically generate and merge JSON configuration data into existing system files. While functional, this practice involves runtime generation of configuration logic that influences how AI agents interact with the local filesystem and external tools.
[DATA_EXPOSURE_AND_EXFILTRATION]: The skill configuration allows for the redirection of plan data to a custom share URL (PLANNOTATOR_SHARE_URL), which defaults to share.plannotator.ai. This introduces a mechanism where implementation plans, which may contain sensitive project logic or code structure, are sent to an external service for sharing and visualization.

plannotator