plan-hard
Audited by Socket on Feb 17, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

BENIGN: The provided fragment describes a planning and coordination workflow for AI-agent tasks and does not implement code that reads inputs, writes outputs, or transmits data. It is coherent with its stated purpose of coordinating plan creation and validation, and does not introduce credential requirements or suspicious data flows. No malware indicators or risky permissions are present in the fragment.

LLM verification: The 'plan-hard' skill fits its stated purpose (research + plan generation) and its file-creation and orchestration behaviors are reasonable for a planning agent. However, the explicit requirement to execute a repository-local Node script (node .claude/scripts/set-active-plan.cjs) and the ambiguous permissions of subagents/tools create a supply-chain risk: a malicious or tampered repository could cause arbitrary code execution, data exfiltration, or repository modification. I recommend preventing