llm-council

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly spawns external model CLIs (codex/claude/gemini/opencode or arbitrary custom commands) and ingests their textual outputs into the planning and judging workflow (see scripts/llm_council.py run_planners/run_judge and the SKILL.md Workflow which collect, anonymize, randomize, judge, and merge planner outputs), so untrusted third‑party model responses can materially influence decisions and subsequent actions.