Council
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
bun run ~/.claude/skills/Agents/Tools/ComposeAgent.tsto dynamically generate agent prompts based on the debate topic. This invokes a local script from a related skill by the same author. - [COMMAND_EXECUTION]: A
curlcommand is used to send POST requests tohttp://localhost:31337/notifyfor local voice and text notifications. This interaction is limited to the local machine's loopback interface. - [COMMAND_EXECUTION]: The skill appends execution metadata (timestamp, workflow, status) to a local log file at
~/.claude/PAI/MEMORY/SKILLS/execution.jsonlusing shell redirection. - [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection via user-supplied content.
- Ingestion points: User-provided debate topics and optional preference files located in
~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/Council/. - Boundary markers: The skill uses structural headers like `COUNCIL DEBATE
- ROUND 1` to separate instructions from the topic context.
- Capability inventory: The skill can execute local shell commands (
bun,curl,echo) and perform file appends. - Sanitization: No explicit escaping or validation of the user-provided topic string is performed before it is interpolated into the agent prompts.
Audit Metadata