council-of-advisors

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill follows security best practices for AI agent instructions. It uses delimited data packets to separate user input from system instructions.
  • [PROMPT_INJECTION]: Each subagent (e.g., adversary-seat, optimistic-seat) contains explicit instructions to ignore imperative text inside the decision packet and report it as a manipulation risk, effectively mitigating potential prompt injection attempts from untrusted data.
  • [DATA_EXFILTRATION]: The skill writes output to a user-defined path (HANDOFF_PATH) as part of its primary functionality. This represents a vulnerability surface for path manipulation but is intended behavior within the provided workflow.
  • Ingestion points: DECISION_SUBJECT, STATED_CLAIM, DESIRED_OUTCOME, and other user inputs defined in SKILL.md.
  • Boundary markers: User data is enclosed in <decision_packet> delimiters as specified in SKILL.md and subagent files.
  • Capability inventory: File system write to HANDOFF_PATH (SKILL.md) and potential web research tool usage (references/seat-output-schema.md).
  • Sanitization: Explicit instructions across all subagent files (subagents/*.md) to ignore and report any steering or imperative text within input data.
  • [COMMAND_EXECUTION]: The skill does not invoke shell commands directly or utilize dynamic context injection (!command) functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 11:15 PM
Security Audit — agent-trust-hub — council-of-advisors