consultant
Audited by Socket on Mar 1, 2026
1 alert found:

Malware

Functionally, the Consultant skill is coherent with its stated purpose: reading project files and prompts, sending them to configured LLM providers, managing sessions, and returning analyses. The primary security risks are the supply-chain exposure of its install instructions (piping a downloaded script straight into a shell via curl|sh), the persistence of sensitive local files in session directories, and the ability to route all prompts and file contents to an arbitrary base-url, which could be attacker-controlled. None of these behaviors is inherently malicious for legitimate use, but each is high-risk if the tool is misconfigured or pointed at an untrusted endpoint.

Recommendations:
(1) Do not pipe install scripts to a shell without reviewing them first.
(2) Require HTTPS for base-url and validate it (scheme, host, no embedded credentials), or warn prominently when an untrusted endpoint is configured.
(3) Offer optional encryption of session data and automatic expiration/cleanup of session directories.
(4) Document that project files may contain secrets, and exclude common secret-bearing paths by default.
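The following is an added example written for this review, not code from the Consultant skill or from Socket. It shows what recommendations (2), (3) and (4) above look like as concrete guardrails for a tool that ships local files to a configurable LLM endpoint: a base-url check that refuses plain HTTP, embedded credentials and hosts outside an allowlist; a default exclusion filter for secret-bearing paths applied before anything leaves the machine; and an age-based sweep of a session directory. The allowlisted hosts, exclusion patterns, one-file-per-session layout and all function names are assumptions for illustration.

```python
"""Added example (not code from the Consultant skill): guardrails matching
recommendations (2), (3) and (4) of the audit. The provider allowlist, the
exclusion patterns, the session layout and every function name are
illustrative assumptions, not the skill's API."""
from __future__ import annotations

import fnmatch
import os
import tempfile
import time
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: hosts the operator has vetted. Anything else is refused even over
# HTTPS; this is what stops a config that points every prompt and file at an
# attacker's server.
ALLOWED_HOSTS = frozenset({"api.openai.com", "api.anthropic.com"})

# Assumption: paths that commonly hold credentials; withheld before any upload.
DEFAULT_EXCLUDES = (
    "**/.env", "**/.env.*", "**/id_rsa", "**/id_ed25519", "**/*.pem", "**/*.key",
    "**/.aws/credentials", "**/.npmrc", "**/.netrc", "**/.git/**",
)


def base_url_problem(url: str, allowed_hosts=ALLOWED_HOSTS) -> str | None:
    """Return a reason string if `url` is unsafe as an LLM base-url, else None."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return f"scheme must be https, got {parts.scheme or '(none)'!r}"
    if not parts.hostname:
        return "missing host"
    if parts.username is not None or parts.password is not None:
        return "credentials embedded in URL"
    if parts.query or parts.fragment:
        return "query string or fragment not allowed in a base-url"
    if allowed_hosts and parts.hostname.lower() not in allowed_hosts:
        return f"host {parts.hostname!r} is not in the provider allowlist"
    return None


def is_sensitive_path(rel_path: str, excludes=DEFAULT_EXCLUDES) -> bool:
    """True if a project-relative path matches an exclusion pattern.
    fnmatch's '*' crosses '/', so '**/.env' matches 'a/b/.env'; checking the
    leading-slash variant makes it match '.env' at the project root as well."""
    p = rel_path.replace(os.sep, "/")
    if p.startswith("./"):
        p = p[2:]
    return any(fnmatch.fnmatch(p, pat) or fnmatch.fnmatch("/" + p, pat) for pat in excludes)


def partition_paths(paths, excludes=DEFAULT_EXCLUDES):
    """Split candidate files into (send, withhold) lists, preserving order."""
    send, withhold = [], []
    for p in paths:
        (withhold if is_sensitive_path(p, excludes) else send).append(p)
    return send, withhold


def expire_sessions(session_dir, max_age_seconds, now=None):
    """Delete session files older than max_age_seconds; return their names sorted.
    Assumption: one regular file per session, with age judged by mtime."""
    now = time.time() if now is None else now
    removed = []
    for entry in Path(session_dir).iterdir():
        if entry.is_file() and now - entry.stat().st_mtime > max_age_seconds:
            entry.unlink()
            removed.append(entry.name)
    return sorted(removed)


def demo_expire():
    """Run expire_sessions on a constructed temp directory with one stale and
    one fresh session; returns (removed_names, remaining_names)."""
    d = Path(tempfile.mkdtemp())
    now = time.time()
    for name, age in (("sess-old.json", 8 * 86400), ("sess-new.json", 3600)):
        f = d / name
        f.write_text("{}")
        os.utime(f, (now - age, now - age))
    removed = expire_sessions(d, max_age_seconds=7 * 86400, now=now)
    remaining = sorted(p.name for p in d.iterdir())
    return removed, remaining


if __name__ == "__main__":
    for u in ("https://api.openai.com/v1", "http://api.openai.com/v1",
              "https://user:pw@llm.attacker.example/v1"):
        print(u, "->", base_url_problem(u) or "ok")
    print(partition_paths(["src/main.py", ".env", "deploy/.env.prod",
                           "keys/server.key", "README.md"]))
    print(demo_expire())
```

Passing an empty allowlist to base_url_problem degrades to "any HTTPS host", which is the minimum the audit asks for; a tool that does this should at least log a prominent warning naming the host. Encryption of session data is left out of the example because the right primitive depends on where the key lives (OS keychain, hardware token, or a per-session key that is discarded with the file), and that choice is the substance of the recommendation.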