llm-council

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's README instructs the agent to fetch SKILL.md from a public GitHub repo and the SKILL.md runtime flow (Step 1A) requires scanning/reading arbitrary workspace files to enrich the framed prompt—both are untrusted, third‑party content sources that the agent will ingest and use to drive decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The README instructs Claude to fetch the skill file at runtime from https://github.com/aiwithremy/claude-skills-llm-council, which would load external SKILL.md content that directly controls agent prompts/instructions and is required for the skill to operate.