llm-council
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it ingests untrusted workspace data from files such as CLAUDE.md and the memory/ directory and passes it to sub-agents as context.
- Ingestion points: The skill reads project-specific configuration and memory files from the local filesystem during the context enrichment step.
- Boundary markers: Content is separated using triple-dash horizontal rule markers (---) within the prompt templates provided to the advisors and chairman.
- Capability inventory: The skill utilizes standard file system tools including Glob, Read, and Write to locate context files and produce the final reports.
- Sanitization: Ingested workspace content is interpolated into the advisor prompts without explicit validation, escaping, or sanitization of potential embedded instructions.
Audit Metadata