council-oracle

Fail

Audited by Snyk on Mar 7, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt explicitly tells the agent "DO NOT read script source code" and to always run wrapper scripts (never call CLIs directly), which are directives that hide potentially relevant implementation details and restrict inspection outside the skill's stated analysis purpose, making them deceptive and out-of-scope.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs Claude and the oracles to perform WebSearch/WebFetch and to use the context7 skill to fetch up-to-date official documentation and web resources (see SKILL.md Step 1 and the Gemini/Codex prompt text), which causes the agent to fetch and ingest open/public web content that can influence analysis and tool use.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 7, 2026, 02:04 AM