consensus
Warn
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill employs forceful behavioral overrides ('IRON LAW', 'NEVER use') designed to bypass standard tool selection logic in favor of a local binary.
- [COMMAND_EXECUTION]: Executes a local binary located in the user's projects directory ('~/projects/consensus-cli/consensus') and utilizes shell pipes to process data from external APIs.
- [EXTERNAL_DOWNLOADS]: Connects to 'api.crossref.org', a well-known service, to resolve DOI metadata for academic papers.
- [COMMAND_EXECUTION]: Accesses the local filesystem to read a domain knowledge file from a directory ('../google-scholar/') outside the skill's own path.
Audit Metadata