llm-council

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs scripts/query_llms.py (per SKILL.md) which queries external LLM APIs (OpenAI and Gemini) and then ingests and synthesizes those models' responses into implementation plans, so untrusted third‑party outputs from those APIs could indirectly inject instructions that influence subsequent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime script calls external LLM APIs—https://api.openai.com/v1/chat/completions and https://generativelanguage.googleapis.com/v1beta/models/{model}:generateContent?key={api_key}—and injects their returned text into the agent's synthesis, so these endpoints are runtime dependencies whose responses directly influence the agent's prompts/output.