llm-council
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/query_llms.py executes local CLI tools (gemini and codex) using subprocess.run. This is used to query LLMs when these specific tools are present in the system environment.
- [DATA_EXFILTRATION]: The skill reads sensitive API keys from a local .env file and transmits them to OpenAI and Google Gemini API endpoints. This is documented behavior consistent with the skill's primary function of model consultation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user data and passes it directly to external LLM providers.
  * Ingestion points: User input captured via command-line arguments in scripts/query_llms.py.
  * Boundary markers: Absent; prompts are transmitted without delimiters or safety context.
  * Capability inventory: The skill performs shell command execution (subprocess.run) and network requests (requests.post).
  * Sanitization: No validation or escaping of the user prompt is performed before transmission.