
jeo

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH
Threat categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The master installation script (scripts/install.sh) downloads a shell script from https://plannotator.ai/install.sh and pipes it directly into the bash interpreter. This pattern executes remote code without verifying the script's content or integrity, posing a significant security risk if the remote source is compromised.
  • [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts and packages from various external domains, including bun.sh and plannotator.ai. While bun.sh is a well-known service, the practice of piping unverified remote scripts to a shell for installation bypasses standard package management security controls.
  • [COMMAND_EXECUTION]: Multiple setup scripts (e.g., setup-claude.sh, setup-codex.sh, setup-gemini.sh) modify the global configuration files of AI agent platforms (such as ~/.claude/settings.json and ~/.codex/config.toml). These modifications register the skill's own Python and Bash scripts as event hooks (e.g., ExitPlanMode, UserPromptSubmit). These hooks are subsequently executed automatically by the agent platform during standard operation, establishing a persistent presence in the agent's execution environment.
  • [COMMAND_EXECUTION]: The planning loop script (scripts/plannotator-plan-loop.sh) utilizes bash socket redirection (/dev/tcp) to perform local port probing. This technique is used as a health check to detect when the local plannotator UI server is listening, but it is a technique frequently associated with network redirection and reverse shells.
  • [PROMPT_INJECTION]: The skill implements a UI verification sub-phase ("annotate") that ingests user-provided comments and UI annotations from a local server (http://localhost:4747/pending). These annotations are used to guide the agent's code-fixing logic. The absence of boundary markers or sanitization for this external data creates an attack surface for indirect prompt injection, as malicious instructions embedded in an annotation could influence the agent's subsequent code changes.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install, http://localhost:4747/pending - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 29, 2026, 02:30 AM