omu
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The file
scripts/install.shdownloads a script fromhttps://plannotator.ai/install.shand pipes it directly tobash, which is an unverified remote code execution pattern from an untrusted domain. - [COMMAND_EXECUTION]: Multiple setup scripts (e.g.,
scripts/setup-claude.sh,scripts/setup-codex.sh,scripts/setup-gemini.sh) modify the internal configuration files of AI agents to register automation hooks. These hooks trigger the execution of local shell and Python scripts based on agent events, which could be exploited for unauthorized automated execution. - [EXTERNAL_DOWNLOADS]: The skill downloads and installs global Node.js packages and plugins from external registries during its installation and setup phases.
- [PROMPT_INJECTION]: The orchestration workflow processes content from
plan.mdand feedback files to determine execution steps, which creates a surface for indirect prompt injection if those files are influenced by untrusted data.
Recommendations
- HIGH: Downloads and executes remote code from: https://plannotator.ai/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata