planning-with-files

Fail

Audited by Socket on Feb 28, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The package appears benign in purpose—helping the user manage persistent planning files and session recovery—but contains noteworthy supply-chain and local execution risks. The primary concern is that hooks execute scripts from a plugin scripts directory and the Stop hook explicitly uses PowerShell with '-ExecutionPolicy Bypass' on Windows, which lowers execution barriers and can run arbitrary .ps1 files if the scripts directory is compromised. There are no hardcoded credentials or network endpoints in the manifest itself. Recommended mitigations: ensure scripts under ${CLAUDE_PLUGIN_ROOT}/scripts are obtained from trusted, verifiable sources; avoid running this skill in contexts that grant unattended agents broad Bash/file-write permissions; remove or avoid '-ExecutionPolicy Bypass' where possible; validate and, if feasible, cryptographically verify helper script integrity before hook invocation.

Confidence: 98%
Audit Metadata

Analyzed At: Feb 28, 2026, 02:43 AM
Package URL: pkg:socket/skills-sh/zhewenzhang%2Fclawdbot-docs%2Fplanning-with-files%2F@98564fd26881de27ea437c52292d1a8e9262db05