plan-ceo-strategy

SUSPICIOUS: the core behavior is a benign strategy-review guide, but the included `npx skills add` instruction installs a separate third-party skill and creates a transitive trust risk unrelated to the narrow planning task. Bash permission is also broader than necessary, though there is no direct credential theft or exfiltration behavior in the visible skill.