council
Audited by Socket on Feb 19, 2026
2 alerts found:
Malware
Obfuscated File

[Skill Scanner] Installation of third-party script detected

This SKILL.md is coherent with its stated purpose and the capabilities it requests are consistent with multi-agent orchestration. The primary security risk is data exfiltration: the skill inlines full local file contents (and optionally .agents/ao/environment.json) into packets that are sent to external model backends (Codex/Claude) or invoked via an external CLI. There are no signs of deliberate obfuscation or typical malware constructs in the manifest. However, because the skill routes potentially sensitive local data to third-party models without mandatory redaction or explicit consent, its use presents a moderate supply-chain/privacy risk. Treat as SUSPICIOUS from a data-leakage standpoint until redaction/consent controls are added.

LLM verification: No clear signs of intentionally malicious code in the supplied skill fragment. The design and requested capabilities are aligned with the stated purpose (multi-agent council), but the skill requires high-privilege runtime capabilities (spawn subagents, agent messaging, write/read files) which increase attack surface. Primary risks are accidental exfiltration of sensitive input (written to disk and sent to external model backends) and misuse of spawn/messaging privileges in an untrusted runtime.

The fragment is a structured, non-executable prompt framework for multi-judge analysis. Security risk is low given proper sandboxing and input validation; primary concerns relate to path sanitization and controlled disclosure of outputs in the hosting environment.