plannotator

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill performs a piped remote execution during installation.
  • Evidence: scripts/install.sh contains curl -fsSL https://plannotator.ai/install.sh | bash.
  • [DYNAMIC_CONTEXT_INJECTION]: The skill creates plugin commands for OpenCode that pass unvalidated user input directly to shell commands.
  • Evidence: scripts/setup-opencode-plugin.sh creates a markdown file plannotator-annotate.md using the `!plannotator annotate "$ARGUMENTS"` syntax, which allows arbitrary command injection when the skill is loaded.
  • [DYNAMIC_EXECUTION]: Several setup scripts use embedded Python code to programmatically modify local environment and configuration files.
  • Evidence: scripts/setup-hook.sh, scripts/setup-gemini-hook.sh, scripts/setup-codex-hook.sh, and scripts/setup-opencode-plugin.sh all utilize python3 for JSON and TOML manipulation.
  • [PERSISTENCE_MECHANISMS]: The skill persists environment variables by modifying user shell initialization files.
  • Evidence: scripts/configure-remote.sh appends export statements to ~/.bashrc, ~/.zshrc, and other shell profiles.
Recommendations
  • HIGH: Downloads and executes remote code from: https://plannotator.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 20, 2026, 04:32 AM