agents-consilium

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The build_prompt function in scripts/common.sh constructs instructions for external agents by appending user-supplied prompts and local file contents directly to the system instructions. The simple dashed separators (---) are insufficient to prevent a malicious file or input from overriding the agent's instructions; this constitutes an indirect prompt injection surface.
  • Ingestion points: User-provided prompt argument and content of context_file in scripts/common.sh.
  • Boundary markers: Uses ---, --- Context ---, and --- Input --- as delimiters.
  • Capability inventory: Executes codex exec (potential code execution) and gemini (network transmission).
  • Sanitization: No escaping or validation is performed on the ingested content.
  • [DATA_EXFILTRATION]: The skill's primary purpose is to send local code, context, and environment data to external AI models managed by third parties. While this is the intended functionality, it involves the exfiltration of potentially sensitive local file content to external service endpoints.
  • [COMMAND_EXECUTION]: The skill invokes external CLI tools to process data. codex-query.sh uses codex exec, which is designed for code execution (though the script specifies a read-only sandbox). gemini-query.sh passes the --approval-mode yolo flag, which indicates the tool may skip safety confirmations or user reviews when processing the generated prompt.
  • [EXTERNAL_DOWNLOADS]: The skill references and requires the installation of external CLI tools (Codex and Gemini) from remote repositories and domains to function.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 07:59 PM