Council

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill mandates the execution of shell commands (curl) targeting localhost:8888 for status notifications. These commands use placeholders such as WORKFLOWNAME and ACTION. If the agent fills these placeholders with unsanitized strings derived from user input, the result could be command injection in the shell environment.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. User-supplied topics or questions are interpolated directly into the system prompts for sub-agents (Architect, Designer, Engineer, Researcher) without the use of boundary markers or protective instructions.
  • Ingestion points: User input for the debate topic is ingested in Workflows/Debate.md and Workflows/Quick.md.
  • Boundary markers: Absent. The untrusted topic is placed directly after the 'Topic:' label in the prompt template.
  • Capability inventory: The skill uses Task calls to spawn specialized sub-agents and executes curl via the system shell.
  • Sanitization: None. There is no evidence of escaping, validation, or filtering of the user-provided topic before it is passed to sub-agents.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 01:03 AM