Skip to main content

plan-ceo-review

Facilitates rigorous CEO-level plan reviews to enhance product vision and execution through structured scope management.

Install this skill

or
0/100

Security score

The plan-ceo-review skill was audited on May 12, 2026 and we found 106 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 58

Template literal with variable interpolation in command context

SourceSKILL.md
58```bash
medium line 291

Template literal with variable interpolation in command context

SourceSKILL.md
291```bash
medium line 387

Template literal with variable interpolation in command context

SourceSKILL.md
387```bash
medium line 421

Template literal with variable interpolation in command context

SourceSKILL.md
421echo "before relying on \`gbrain search\` for code questions in this worktree."
medium line 549

Template literal with variable interpolation in command context

SourceSKILL.md
549```bash
medium line 33

Access to hidden dotfiles in home directory

SourceSKILL.md
33glob: "~/.gstack/projects/{repo_slug}/ceo-plans/*.md"
medium line 39

Access to hidden dotfiles in home directory

SourceSKILL.md
39glob: "~/.gstack/projects/{repo_slug}/*-design-*.md"
low line 59

Access to hidden dotfiles in home directory

SourceSKILL.md
59_UPD=$(~/.claude/skills/gstack/bin/gstack-update-check 2>/dev/null || .claude/skills/gstack/bin/gstack-update-check 2>/dev/null || true)
low line 61

Access to hidden dotfiles in home directory

SourceSKILL.md
61mkdir -p ~/.gstack/sessions
low line 62

Access to hidden dotfiles in home directory

SourceSKILL.md
62touch ~/.gstack/sessions/"$PPID"
low line 63

Access to hidden dotfiles in home directory

SourceSKILL.md
63_SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ')
low line 64

Access to hidden dotfiles in home directory

SourceSKILL.md
64find ~/.gstack/sessions -mmin +120 -type f -exec rm {} + 2>/dev/null || true
low line 65

Access to hidden dotfiles in home directory

SourceSKILL.md
65_PROACTIVE=$(~/.claude/skills/gstack/bin/gstack-config get proactive 2>/dev/null || echo "true")
low line 66

Access to hidden dotfiles in home directory

SourceSKILL.md
66_PROACTIVE_PROMPTED=$([ -f ~/.gstack/.proactive-prompted ] && echo "yes" || echo "no")
low line 69

Access to hidden dotfiles in home directory

SourceSKILL.md
69_SKILL_PREFIX=$(~/.claude/skills/gstack/bin/gstack-config get skill_prefix 2>/dev/null || echo "false")
low line 73

Access to hidden dotfiles in home directory

SourceSKILL.md
73source <(~/.claude/skills/gstack/bin/gstack-repo-mode 2>/dev/null) || true
low line 76

Access to hidden dotfiles in home directory

SourceSKILL.md
76_LAKE_SEEN=$([ -f ~/.gstack/.completeness-intro-seen ] && echo "yes" || echo "no")
low line 78

Access to hidden dotfiles in home directory

SourceSKILL.md
78_TEL=$(~/.claude/skills/gstack/bin/gstack-config get telemetry 2>/dev/null || true)
low line 79

Access to hidden dotfiles in home directory

SourceSKILL.md
79_TEL_PROMPTED=$([ -f ~/.gstack/.telemetry-prompted ] && echo "yes" || echo "no")
low line 84

Access to hidden dotfiles in home directory

SourceSKILL.md
84_EXPLAIN_LEVEL=$(~/.claude/skills/gstack/bin/gstack-config get explain_level 2>/dev/null || echo "default")
low line 87

Access to hidden dotfiles in home directory

SourceSKILL.md
87_QUESTION_TUNING=$(~/.claude/skills/gstack/bin/gstack-config get question_tuning 2>/dev/null || echo "false")
low line 89

Access to hidden dotfiles in home directory

SourceSKILL.md
89mkdir -p ~/.gstack/analytics
low line 91

Access to hidden dotfiles in home directory

SourceSKILL.md
91echo '{"skill":"plan-ceo-review","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/s
low line 93

Access to hidden dotfiles in home directory

SourceSKILL.md
93for _PF in $(find ~/.gstack/analytics -maxdepth 1 -name '.pending-*' 2>/dev/null); do
low line 95

Access to hidden dotfiles in home directory

SourceSKILL.md
95if [ "$_TEL" != "off" ] && [ -x "~/.claude/skills/gstack/bin/gstack-telemetry-log" ]; then
low line 96

Access to hidden dotfiles in home directory

SourceSKILL.md
96~/.claude/skills/gstack/bin/gstack-telemetry-log --event-type skill_run --skill _pending_finalize --outcome unknown --session-id "$_SESSION_ID" 2>/dev/null || true
low line 102

Access to hidden dotfiles in home directory

SourceSKILL.md
102eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)" 2>/dev/null || true
low line 108

Access to hidden dotfiles in home directory

SourceSKILL.md
108~/.claude/skills/gstack/bin/gstack-learnings-search --limit 3 2>/dev/null || true
low line 113

Access to hidden dotfiles in home directory

SourceSKILL.md
113~/.claude/skills/gstack/bin/gstack-timeline-log '{"skill":"plan-ceo-review","event":"started","branch":"'"$_BRANCH"'","session":"'"$_SESSION_ID"'"}' 2>/dev/null &
low line 118

Access to hidden dotfiles in home directory

SourceSKILL.md
118_ROUTING_DECLINED=$(~/.claude/skills/gstack/bin/gstack-config get routing_declined 2>/dev/null || echo "false")
low line 129

Access to hidden dotfiles in home directory

SourceSKILL.md
129_CHECKPOINT_MODE=$(~/.claude/skills/gstack/bin/gstack-config get checkpoint_mode 2>/dev/null || echo "explicit")
low line 130

Access to hidden dotfiles in home directory

SourceSKILL.md
130_CHECKPOINT_PUSH=$(~/.claude/skills/gstack/bin/gstack-config get checkpoint_push 2>/dev/null || echo "false")
medium line 138

Access to hidden dotfiles in home directory

SourceSKILL.md
138In plan mode, allowed because they inform the plan: `$B`, `$D`, `codex exec`/`codex review`, writes to `~/.gstack/`, writes to the plan file, and `open` for generated artifacts.
medium line 146

Access to hidden dotfiles in home directory

SourceSKILL.md
146If `SKILL_PREFIX` is `"true"`, suggest/invoke `/gstack-*` names. Disk paths stay `~/.claude/skills/gstack/[skill-name]/SKILL.md`.
medium line 148

Access to hidden dotfiles in home directory

SourceSKILL.md
148If output shows `UPGRADE_AVAILABLE <old> <new>`: read `~/.claude/skills/gstack/gstack-upgrade/SKILL.md` and follow the "Inline upgrade flow" (auto-upgrade if configured, otherwise AskUserQuestion with
medium line 153

Access to hidden dotfiles in home directory

SourceSKILL.md
153- Missing `~/.claude/skills/gstack/.feature-prompted-continuous-checkpoint`: AskUserQuestion for Continuous checkpoint auto-commits. If accepted, run `~/.claude/skills/gstack/bin/gstack-config set che
medium line 154

Access to hidden dotfiles in home directory

SourceSKILL.md
154- Missing `~/.claude/skills/gstack/.feature-prompted-model-overlay`: inform "Model overlays are active. MODEL_OVERLAY shows the patch." Always touch marker.
medium line 167

Access to hidden dotfiles in home directory

SourceSKILL.md
167If B: run `~/.claude/skills/gstack/bin/gstack-config set explain_level terse`.
low line 171

Access to hidden dotfiles in home directory

SourceSKILL.md
171rm -f ~/.gstack/.writing-style-prompt-pending
low line 172

Access to hidden dotfiles in home directory

SourceSKILL.md
172touch ~/.gstack/.writing-style-prompted
low line 181

Access to hidden dotfiles in home directory

SourceSKILL.md
181touch ~/.gstack/.completeness-intro-seen
medium line 194

Access to hidden dotfiles in home directory

SourceSKILL.md
194If A: run `~/.claude/skills/gstack/bin/gstack-config set telemetry community`
medium line 204

Access to hidden dotfiles in home directory

SourceSKILL.md
204If B→A: run `~/.claude/skills/gstack/bin/gstack-config set telemetry anonymous`
medium line 205

Access to hidden dotfiles in home directory

SourceSKILL.md
205If B→B: run `~/.claude/skills/gstack/bin/gstack-config set telemetry off`
low line 209

Access to hidden dotfiles in home directory

SourceSKILL.md
209touch ~/.gstack/.telemetry-prompted
medium line 222

Access to hidden dotfiles in home directory

SourceSKILL.md
222If A: run `~/.claude/skills/gstack/bin/gstack-config set proactive true`
medium line 223

Access to hidden dotfiles in home directory

SourceSKILL.md
223If B: run `~/.claude/skills/gstack/bin/gstack-config set proactive false`
low line 227

Access to hidden dotfiles in home directory

SourceSKILL.md
227touch ~/.gstack/.proactive-prompted
medium line 268

Access to hidden dotfiles in home directory

SourceSKILL.md
268If B: run `~/.claude/skills/gstack/bin/gstack-config set routing_declined true` and say they can re-enable with `gstack-config set routing_declined false`.
medium line 272

Access to hidden dotfiles in home directory

SourceSKILL.md
272If `VENDORED_GSTACK` is `yes`, warn once via AskUserQuestion unless `~/.gstack/.vendoring-warned-$SLUG` exists:
medium line 284

Access to hidden dotfiles in home directory

SourceSKILL.md
2843. Run `~/.claude/skills/gstack/bin/gstack-team-init required` (or `optional`)
medium line 286

Access to hidden dotfiles in home directory

SourceSKILL.md
2865. Tell the user: "Done. Each developer now runs: `cd ~/.claude/skills/gstack && ./setup --team`"
low line 292

Access to hidden dotfiles in home directory

SourceSKILL.md
292eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)" 2>/dev/null || true
low line 293

Access to hidden dotfiles in home directory

SourceSKILL.md
293touch ~/.gstack/.vendoring-warned-${SLUG:-unknown}
low line 396

Access to hidden dotfiles in home directory

SourceSKILL.md
396_BRAIN_SYNC_BIN="~/.claude/skills/gstack/bin/gstack-brain-sync"
low line 397

Access to hidden dotfiles in home directory

SourceSKILL.md
397_BRAIN_CONFIG_BIN="~/.claude/skills/gstack/bin/gstack-config"
medium line 501

Access to hidden dotfiles in home directory

SourceSKILL.md
501If A/B and `~/.gstack/.git` is missing, ask whether to run `gstack-artifacts-init`. Do not block the skill.
low line 506

Access to hidden dotfiles in home directory

SourceSKILL.md
506"~/.claude/skills/gstack/bin/gstack-brain-sync" --discover-new 2>/dev/null || true
low line 507

Access to hidden dotfiles in home directory

SourceSKILL.md
507"~/.claude/skills/gstack/bin/gstack-brain-sync" --once 2>/dev/null || true
low line 550

Access to hidden dotfiles in home directory

SourceSKILL.md
550eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)"
medium line 705

Access to hidden dotfiles in home directory

SourceSKILL.md
705Before each AskUserQuestion, choose `question_id` from `scripts/question-registry.ts` or `{skill}-{slug}`, then run `~/.claude/skills/gstack/bin/gstack-question-preference --check "<id>"`. `AUTO_DECID
low line 709

Access to hidden dotfiles in home directory

SourceSKILL.md
709~/.claude/skills/gstack/bin/gstack-question-log '{"skill":"plan-ceo-review","question_id":"<id>","question_summary":"<short>","category":"<approval|clarification|routing|cherry-pick|feedback-loop>","d
low line 718

Access to hidden dotfiles in home directory

SourceSKILL.md
718~/.claude/skills/gstack/bin/gstack-question-preference --write '{"question_id":"<id>","preference":"<pref>","source":"inline-user","free_text":"<optional original words>"}'
medium line 733

Access to hidden dotfiles in home directory

SourceSKILL.md
733Before building anything unfamiliar, **search first.** See `~/.claude/skills/gstack/ETHOS.md`.
low line 738

Access to hidden dotfiles in home directory

SourceSKILL.md
738jq -n --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" --arg skill "SKILL_NAME" --arg branch "$(git branch --show-current 2>/dev/null)" --arg insight "ONE_LINE_SUMMARY" '{ts:$ts,skill:$skill,branch:$branch,i
low line 756

Access to hidden dotfiles in home directory

SourceSKILL.md
756~/.claude/skills/gstack/bin/gstack-learnings-log '{"skill":"SKILL_NAME","type":"operational","key":"SHORT_KEY","insight":"DESCRIPTION","confidence":N,"source":"observed"}'
medium line 766

Access to hidden dotfiles in home directory

SourceSKILL.md
766`~/.gstack/analytics/`, matching preamble analytics writes.
low line 773

Access to hidden dotfiles in home directory

SourceSKILL.md
773rm -f ~/.gstack/analytics/.pending-"$_SESSION_ID" 2>/dev/null || true
low line 775

Access to hidden dotfiles in home directory

SourceSKILL.md
775~/.claude/skills/gstack/bin/gstack-timeline-log '{"skill":"SKILL_NAME","event":"completed","branch":"'$(git branch --show-current 2>/dev/null || echo unknown)'","outcome":"OUTCOME","duration_s":"'"$_T
low line 778

Access to hidden dotfiles in home directory

SourceSKILL.md
778echo '{"skill":"SKILL_NAME","duration_s":"'"$_TEL_DUR"'","outcome":"OUTCOME","browse":"USED_BROWSE","session":"'"$_SESSION_ID"'","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"}' >> ~/.gstack/analytics/skill-
low line 781

Access to hidden dotfiles in home directory

SourceSKILL.md
781if [ "$_TEL" != "off" ] && [ -x ~/.claude/skills/gstack/bin/gstack-telemetry-log ]; then
low line 782

Access to hidden dotfiles in home directory

SourceSKILL.md
782~/.claude/skills/gstack/bin/gstack-telemetry-log \
medium line 792

Access to hidden dotfiles in home directory

SourceSKILL.md
792In plan mode before ExitPlanMode: if the plan file lacks `## GSTACK REVIEW REPORT`, run `~/.claude/skills/gstack/bin/gstack-review-read` and append the standard runs/status/findings table. With `NO_RE
low line 916

Access to hidden dotfiles in home directory

SourceSKILL.md
916SLUG=$(~/.claude/skills/gstack/browse/bin/remote-slug 2>/dev/null || basename "$(git rev-parse --show-toplevel 2>/dev/null || pwd)")
low line 918

Access to hidden dotfiles in home directory

SourceSKILL.md
918DESIGN=$(ls -t ~/.gstack/projects/$SLUG/*-$BRANCH-design-*.md 2>/dev/null | head -1)
low line 919

Access to hidden dotfiles in home directory

SourceSKILL.md
919[ -z "$DESIGN" ] && DESIGN=$(ls -t ~/.gstack/projects/$SLUG/*-design-*.md 2>/dev/null | head -1)
low line 927

Access to hidden dotfiles in home directory

SourceSKILL.md
927HANDOFF=$(ls -t ~/.gstack/projects/$SLUG/*-$BRANCH-ceo-handoff-*.md 2>/dev/null | head -1)
medium line 964

Access to hidden dotfiles in home directory

SourceSKILL.md
964Read the `/office-hours` skill file at `~/.claude/skills/gstack/office-hours/SKILL.md` using the Read tool.
low line 987

Access to hidden dotfiles in home directory

SourceSKILL.md
987SLUG=$(~/.claude/skills/gstack/browse/bin/remote-slug 2>/dev/null || basename "$(git rev-parse --show-toplevel 2>/dev/null || pwd)")
low line 989

Access to hidden dotfiles in home directory

SourceSKILL.md
989DESIGN=$(ls -t ~/.gstack/projects/$SLUG/*-$BRANCH-design-*.md 2>/dev/null | head -1)
low line 990

Access to hidden dotfiles in home directory

SourceSKILL.md
990[ -z "$DESIGN" ] && DESIGN=$(ls -t ~/.gstack/projects/$SLUG/*-design-*.md 2>/dev/null | head -1)
medium line 1010

Access to hidden dotfiles in home directory

SourceSKILL.md
1010Read the `/office-hours` skill file at `~/.claude/skills/gstack/office-hours/SKILL.md` using the Read tool.
low line 1076

Access to hidden dotfiles in home directory

SourceSKILL.md
1076_CROSS_PROJ=$(~/.claude/skills/gstack/bin/gstack-config get cross_project_learnings 2>/dev/null || echo "unset")
low line 1079

Access to hidden dotfiles in home directory

SourceSKILL.md
1079~/.claude/skills/gstack/bin/gstack-learnings-search --limit 10 --cross-project 2>/dev/null || true
low line 1081

Access to hidden dotfiles in home directory

SourceSKILL.md
1081~/.claude/skills/gstack/bin/gstack-learnings-search --limit 10 2>/dev/null || true
medium line 1096

Access to hidden dotfiles in home directory

SourceSKILL.md
1096If A: run `~/.claude/skills/gstack/bin/gstack-config set cross_project_learnings true`
medium line 1097

Access to hidden dotfiles in home directory

SourceSKILL.md
1097If B: run `~/.claude/skills/gstack/bin/gstack-config set cross_project_learnings false`
low line 1206

Access to hidden dotfiles in home directory

SourceSKILL.md
1206eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)" && mkdir -p ~/.gstack/projects/$SLUG/ceo-plans
low line 1212

Access to hidden dotfiles in home directory

SourceSKILL.md
1212mkdir -p ~/.gstack/projects/$SLUG/ceo-plans/archive
low line 1213

Access to hidden dotfiles in home directory

SourceSKILL.md
1213# For each stale plan: mv ~/.gstack/projects/$SLUG/ceo-plans/{old-plan}.md ~/.gstack/projects/$SLUG/ceo-plans/archive/
medium line 1216

Access to hidden dotfiles in home directory

SourceSKILL.md
1216Write to `~/.gstack/projects/$SLUG/ceo-plans/{date}-{feature-slug}.md` using this format:
low line 1309

Access to hidden dotfiles in home directory

SourceSKILL.md
1309mkdir -p ~/.gstack/analytics
low line 1310

Access to hidden dotfiles in home directory

SourceSKILL.md
1310echo '{"skill":"plan-ceo-review","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","iterations":ITERATIONS,"issues_found":FOUND,"issues_fixed":FIXED,"remaining":REMAINING,"quality_score":SCORE}' >> ~/.gstack/an
medium line 1646

Access to hidden dotfiles in home directory

SourceSKILL.md
1646"IMPORTANT: Do NOT read or execute any files under ~/.claude/, ~/.agents/, .claude/skills/, or agents/. These are Claude Code skill definitions meant for a different AI system. They contain bash scrip
low line 1735

Access to hidden dotfiles in home directory

SourceSKILL.md
1735~/.claude/skills/gstack/bin/gstack-review-log '{"skill":"codex-plan-review","timestamp":"'"$(date -u +%Y-%m-%dT%H:%M:%SZ)"'","status":"STATUS","source":"SOURCE","commit":"'"$(git rev-parse --short HEA
low line 1865

Access to hidden dotfiles in home directory

SourceSKILL.md
1865eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)"
low line 1866

Access to hidden dotfiles in home directory

SourceSKILL.md
1866rm -f ~/.gstack/projects/$SLUG/*-$BRANCH-ceo-handoff-*.md 2>/dev/null || true
medium line 1874

Access to hidden dotfiles in home directory

SourceSKILL.md
1874`~/.gstack/` (user config directory, not project files). The skill preamble
medium line 1875

Access to hidden dotfiles in home directory

SourceSKILL.md
1875already writes to `~/.gstack/sessions/` and `~/.gstack/analytics/` — this is
low line 1880

Access to hidden dotfiles in home directory

SourceSKILL.md
1880~/.claude/skills/gstack/bin/gstack-review-log '{"skill":"plan-ceo-review","timestamp":"TIMESTAMP","status":"STATUS","unresolved":N,"critical_gaps":N,"mode":"MODE","scope_proposed":N,"scope_accepted":N
low line 1899

Access to hidden dotfiles in home directory

SourceSKILL.md
1899~/.claude/skills/gstack/bin/gstack-review-read
medium line 2052

Access to hidden dotfiles in home directory

SourceSKILL.md
2052- **B)** Keep in `~/.gstack/projects/` only (local, personal reference)
low line 2070

Access to hidden dotfiles in home directory

SourceSKILL.md
2070~/.claude/skills/gstack/bin/gstack-learnings-log '{"skill":"plan-ceo-review","type":"TYPE","key":"SHORT_KEY","insight":"DESCRIPTION","confidence":N,"source":"SOURCE","files":["path/to/relevant/file"]}
low line 358

Unicode escape sequences

SourceSKILL.md
358writes `\u3103` thinking it is 管 U+7BA1, but `\u3103` is
low line 177

External URL reference

SourceSKILL.md
177If `LAKE_INTRO` is `no`: say "gstack follows the **Boil the Lake** principle — do the complete thing when AI makes marginal cost near-zero. Read more: https://garryslist.org/posts/boil-the-ocean" Offe
low line 180

External URL reference

SourceSKILL.md
180open https://garryslist.org/posts/boil-the-ocean
Scanned on May 12, 2026
View Security Dashboard
Installation guide →
GitHub Stars 92.6K
Rate this skill
Categoryproduct
UpdatedMay 13, 2026
claudeclaude-codecodexclinefrontenddesignplaywrightstripedocxgitapidatabasetestingdevopsmobilebackendproduct-managerproject-managergrowth-pmbusiness-developmentoperations-managerproductproject managementsalesoperations
garrytan/gstack