multi-ai-consultant

No evidence of deliberate malicious code in this skill file. The primary security concern is operational: inadvertent leakage of sensitive repository data to external AI providers (via repo-aware scans and automatic consults) and supply-chain risk from installing third-party CLIs globally. Recommended remediations: require explicit interactive confirmation showing exact files/lines to be sent before any consultation (especially for automatic suggestions), implement safe-by-default .geminiignore templates (include .env*, *secret*, credentials), add optional preview/dry-run mode that lists files to be transmitted, avoid promoting unsafe flags (e.g., 'yolo'), recommend verifying package publisher signatures or using provider-distributed installers, and encrypt or restrict access to consultations.log (or allow opt-out). With those mitigations the security risk is reduced and the skill can be used safely.