Skills
skills/supercent-io/skills-template/planview/Gen Agent Trust Hub

planview

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains multiple instructions to execute remote scripts via curl -fsSL https://plannotator.ai/install.sh | bash and irm https://plannotator.ai/install.ps1 | iex in SKILL.md. These patterns allow an attacker to execute arbitrary code on the host system without prior inspection.
  • [EXTERNAL_DOWNLOADS] (HIGH): The domain plannotator.ai is not a trusted source. The skill installs binary tools and agent plugins from this unverified source, bypassing standard package registry security controls.
  • [COMMAND_EXECUTION] (MEDIUM): The skill encourages the modification of other agent environments (Claude Code and OpenCode) through plugin installations, which could serve as a vector for persistence or lateral movement within the user's development environment.
Recommendations
  • HIGH: Downloads and executes remote code from: https://plannotator.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 20, 2026, 08:05 AM