Plan I

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises: create a local planning Markdown file, with the main caveat that it writes an initial draft immediately.

Install this if you want a helper that creates local planning files. Avoid putting secrets in the planning request, use simple plan names, and review the generated Markdown before using it in follow-on planning steps.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to create and write a new planning file immediately based on user input, without first clearly notifying the user that a filesystem-modifying action will occur. This increases the risk of unintended file creation, persistence of sensitive user-provided content, and surprise side effects, especially because the flow requires writing before presenting any confirmation to the user.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal