the-council
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill's session management logic includes a pattern for 'summoning' sub-agents that is vulnerable to indirect prompt injection.
- Ingestion points: In
SESSIONS.md, the template for specialist agents directly interpolates the[Insert full question and context]string. - Boundary markers: Absent. The template does not employ delimiters or specific instructions to treat the interpolated content as untrusted data.
- Capability inventory: Specialist agents are granted significant capabilities, including network access via
WebSearchand local file-writing to the.council/directory. - Sanitization: Absent. The instructions do not specify any validation or escaping for the user-provided question or context before it enters the agent's prompt.
- [COMMAND_EXECUTION] (SAFE): The skill utilizes basic shell commands for session state management.
- Evidence:
SESSIONS.mdcontains commands such asmkdirandcatto initialize the.councildirectory structure. - Analysis: These commands are used for legitimate organization purposes, are restricted to local paths, and do not involve executing untrusted remote code or escalating privileges.
Audit Metadata