domain-planner
Audited by Socket on Mar 10, 2026
1 alert found:
Obfuscated File
This is an orchestration playbook that documents an automated multi-agent lifecycle for implementing domain slices. The text itself contains no direct malicious code or obfuscation techniques, but it prescribes operational behaviors that materially increase supply-chain and repository risk: temporary symlinking of local unpublished packages, single-message parallel launches of high-privilege agents, and automated acceptance/proceeding without explicit human review. Recommended mitigations: enforce least privilege for agents, require human-in-the-loop approval for critical steps (switching local packages, final acceptance/retire), mandate signed commits/branch protections and reproducible builds, and add provenance checks and audit logging for any symlinked or local dependency usage. With these mitigations the procedural risk can be reduced to acceptable operational levels.