view-plan

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): Automatic execution of a local script located at $CLAUDE_PROJECT_DIR/.claude/hooks/workflows/system-check.sh via the PreToolUse hook. Running scripts from hidden directories within a project can be a vector for malicious code execution if the project contents are untrusted.
  • [DYNAMIC_EXECUTION] (MEDIUM): The skill constructs a file path for loading instructions using the {format} variable extracted from the frontmatter of a user-controlled plan.md file. This pattern is vulnerable to path traversal and allows for the dynamic loading of arbitrary instructional content from local files.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from plan.md and reading.md without sanitization or boundary markers. Evidence:
      1. Ingestion points: docs/workflow/planning/{topic}/plan.md and ../technical-planning/references/output-formats/{format}/reading.md.
      2. Boundary markers: Absent.
      3. Capability inventory: ls, file read, script execution.
      4. Sanitization: Absent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 08:31 PM