llm-council
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Bash heredocs to execute Python scripts that manage API requests, file I/O, and data processing. This is used for core functionality rather than malicious persistence or privilege escalation.
- [EXTERNAL_DOWNLOADS]: Communicates with Fireworks AI's official API endpoint (api.fireworks.ai) for model inference. As a well-known service, these network operations are considered part of the primary skill purpose.
- [CREDENTIALS_UNSAFE]: Appropriately instructs users to manage the FIREWORKS_API_KEY via environment variables or shell profiles. No hardcoded credentials or secrets were found in the skill or the provided .env.example file.
- [PROMPT_INJECTION]: The skill processes user-provided queries and external model responses to build prompts for Phase 2 (Ranking) and Phase 3 (Synthesis).
  - Ingestion points: User query and Phase 1 model outputs (saved in phase1_responses.json).
  - Boundary markers: Missing; the skill uses simple string interpolation for prompts.
  - Capability inventory: Perform network requests via 'requests' and write session data to '/tmp'.
  - Sanitization: None observed; model outputs are passed directly to the next stage of deliberation.
- [DATA_EXFILTRATION]: No unauthorized data exfiltration detected. The skill transmits the user's query and model outputs to the Fireworks AI API, which is necessary for the stated purpose of multi-model deliberation.
Audit Metadata