plan-review
Fail
Audited by Snyk on Jun 24, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt requires the agent to construct and send exact CLI commands by combining example commands with the user's terminal aliases/configuration, which can force the LLM to emit verbatim alias contents (potentially including API keys, tokens or other secrets) in its output.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill automates sending user-created plans and local configuration-derived agent aliases to external CLI agents (using flags like --dangerously-skip-permissions and --yolo) and inspects terminal aliases — behavior that enables unauthorized data exfiltration and bypassing of protections, representing a high-risk backdoor/exfiltration pattern.
MEDIUM W013: Attempt to modify system services in skill instructions.
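- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt requires using "--dangerously-skip-permissions" to skip permission checks, and instructs the agent to read the terminal alias configuration and write review results to the system temporary directory. This carries a risk of bypassing security mechanisms and accessing or modifying the host environment, so it should be flagged.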
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W013 (MEDIUM): Attempt to modify system services in skill instructions.
Audit Metadata