skills/seabbs/skills/weekly-plan/Gen Agent Trust Hub

weekly-plan

Warn

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local shell script located at ~/.claude/scripts/weekly-plan.sh. This allows for arbitrary command execution on the host system.
  • [PROMPT_INJECTION]: The skill contains behavioral overrides and processes untrusted data without proper sanitization.
    • Direct Injection: The skill uses an 'IMPORTANT' directive to force the agent to automatically exit, which acts as a manual override of standard agent completion behavior.
    • Indirect Injection Surface: The skill reads daily logs, repository files, and GitHub issues, all of which are potential vectors for malicious instructions.
      • Ingestion points: Content is read from ~/code/claude-log/, grant repositories, and GitHub issues.
      • Boundary markers: No delimiters or 'ignore' instructions are provided to prevent the agent from obeying instructions embedded within the ingested data.
      • Capability inventory: The agent has the power to execute shell scripts and write files to the local filesystem.
      • Sanitization: There is no evidence of validation or sanitization for any content read from external sources.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 8, 2026, 07:16 AM