plan-review
Fail
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes external CLI tools (`kimi`, `agent`, `claude`) using shell commands. On Windows systems, it explicitly uses `powershell.exe -Command` to execute these tools. This functionality can be abused to run unintended system commands.
- [COMMAND_EXECUTION]: The skill constructs these shell commands by interpolating plan content directly into the command arguments (`"<提示词>"`). This creates a command injection vulnerability where malicious plan content could execute arbitrary shell commands on the user's machine if the content is not sanitized.
- [PROMPT_INJECTION]: Instructions specifically command the agent to bypass standard safety filters and permission prompts of external tools using flags like `--dangerously-skip-permissions` (for Claude Code) and `--yolo` (for Cursor). This removes critical human-in-the-loop security checkpoints and allows the agents to perform actions without explicit user consent.
- [DATA_EXFILTRATION]: The skill directs the agent to save plan details and review results to the system's temporary directory. This practice could lead to the exposure of sensitive project information or design plans to other processes or users on the same host system.
Recommendations
- AI detected serious security threats