skills/danielmiessler/lifeos/Council/Gen Agent Trust Hub

Council

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes bun run ~/.claude/skills/Agents/Tools/ComposeAgent.ts to dynamically generate agent prompts based on the debate topic. This invokes a local script from a related skill by the same author.
  • [COMMAND_EXECUTION]: A curl command is used to send POST requests to http://localhost:31337/notify for local voice and text notifications. This interaction is limited to the local machine's loopback interface.
  • [COMMAND_EXECUTION]: The skill appends execution metadata (timestamp, workflow, status) to a local log file at ~/.claude/PAI/MEMORY/SKILLS/execution.jsonl using shell redirection.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection via user-supplied content.
  • Ingestion points: User-provided debate topics and optional preference files located in ~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/Council/.
  • Boundary markers: The skill uses structural headers like `COUNCIL DEBATE
  • ROUND 1` to separate instructions from the topic context.
  • Capability inventory: The skill can execute local shell commands (bun, curl, echo) and perform file appends.
  • Sanitization: No explicit escaping or validation of the user-provided topic string is performed before it is interpolated into the agent prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — Council