agent-council

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing untrusted data.
      • Ingestion points: Project content and conversation context are loaded into the review_scope and council_context as described in SKILL.md Step 0 and Step 1.
      • Boundary markers: The skill uses basic Markdown headers such as '## Context' and '## Your Task' to separate instructions from the review scope data, which may be insufficient to prevent instructions embedded within the processed files from being followed by the agents.
      • Capability inventory: The skill has the ability to spawn multiple sub-agents using the Task tool, read from the filesystem using Read and Glob, and output results to the local filesystem via the Write tool.
      • Sanitization: There is no evidence of input validation, escaping, or sanitization of the scope content before it is interpolated into the prompts for the Primary Reviewer, Devil's Advocate, or Debate Coordinator.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 04:22 PM