planning-with-files

Warn

Audited by Socket on Feb 21, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Skill instructions include directives to hide actions from user

All findings:
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This skill's design and documented behavior are consistent with a benign planning tool: reading/writing markdown files and running helper scripts for session management. There are supply-chain considerations: hooks execute local scripts (including PowerShell with ExecutionPolicy Bypass) from the plugin directory or a fallback path in the user's home. If those script files are tampered with or the plugin directory is writable by an attacker, hooks could execute arbitrary code. No direct network exfiltration, hardcoded secrets, or remote download-and-execute patterns are present in the provided content. Overall the skill appears benign in intent but carries moderate supply-chain/execution risk because it runs local scripts with elevated execution allowances. Recommend auditing the referenced scripts' contents and ensuring plugin directories are protected before trusting automatic hooks.

LLM verification: The SKILL.md is coherent with its stated purpose (file-based planning and session recovery) and does not itself contain hardcoded credentials, obfuscated code, or explicit network calls. The primary supply-chain risk is that it instructs running local helper scripts (session-catchup.py and shell scripts) whose contents are not included; those scripts could perform arbitrary actions including network exfiltration. Overall: no direct evidence of malware in the provided text, but a moderate securit

Confidence: 80%
Severity: 75%
Audit Metadata
Analyzed At: Feb 21, 2026, 05:51 PM
Package URL: pkg:socket/skills-sh/tdimino%2Fclaude-code-minoan%2Fplanning-with-files%2F@0a89de17ae91cdcfb825c2651cb0fca80ac39483