plannotator

Fail

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: HIGH | REMOTE_CODE_EXECUTION | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The scripts/install.sh script executes a remote script using curl -fsSL https://plannotator.ai/install.sh | bash. This pattern allows an external server to execute arbitrary code on the local system without prior verification.
  • [EXTERNAL_DOWNLOADS]: The skill attempts to download and install its CLI component from plannotator.ai, which is not a recognized trusted source or a verified resource belonging to the author 'supercent-io'.
  • [COMMAND_EXECUTION]: Several scripts perform automated modifications to local configuration files. For example, scripts/setup-hook.sh and scripts/setup-gemini-hook.sh use Python scripts to merge command strings into ~/.claude/settings.json and ~/.gemini/settings.json.
  • [DATA_EXPOSURE]: The skill accesses and modifies sensitive application settings in hidden directories like ~/.claude/, ~/.gemini/, and ~/.codex/.
  • [COMMAND_EXECUTION]: The script scripts/configure-remote.sh modifies system shell profiles such as .bashrc and .zshrc to inject environment variables, which functions as a persistence mechanism to alter the shell environment across sessions.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface.
      • Ingestion points: The scripts/review.sh script and the plan submission process ingest untrusted data from git diffs and implementation plans.
      • Boundary markers: No explicit safety delimiters or 'ignore embedded instructions' warnings are present in the scripts handling the data.
      • Capability inventory: The skill provides automated scripts for shell command execution, file modification, and environment configuration.
      • Sanitization: The skill does not perform sanitization or validation of the input plan or diff content before it is processed by the tools.
Recommendations
  • HIGH: Downloads and executes remote code from: https://plannotator.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 7, 2026, 07:04 AM