llm-council

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill requires users to provide an AI_GATEWAY_API_KEY through environment variables, which is subsequently accessed by the server for use in external requests.
  • [DATA_EXFILTRATION]: The skill transmits the user's API key as a Bearer token to a remote domain (https://ai-gateway.happycapy.ai/api/v1). The gateway claims to provide access to non-existent models (e.g., GPT-5.1, Claude 4.5), suggesting a lure for credential harvesting. The requests also include a hardcoded Origin header for https://trickle.so, indicating potential impersonation of other services.
  • [COMMAND_EXECUTION]: The launch script in SKILL.md executes shell commands including fuser -k 8787/tcp to terminate processes and nohup to run the server in the background.
  • [PROMPT_INJECTION]: The skill's multi-model consensus and synthesis logic is susceptible to indirect prompt injection.
    • Ingestion points: Untrusted outputs from external AI models are collected via the /api/council/stream and /api/council/vote endpoints.
    • Boundary markers: None; model responses are interpolated directly into prompts for evaluation and synthesis without delimiters.
    • Capability inventory: Subprocess calls are present for server lifecycle management; model-driven logic is used for synthesis display.
    • Sanitization: The frontend (app.js) performs HTML escaping to prevent XSS in the dashboard, but does not sanitize the content processed by the models.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 21, 2026, 07:18 AM