querying-council

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes a shell script named run-council.sh located in the plugin's root directory. The skill instructions include a 'CRITICAL' warning to use the -- delimiter, which is a recognized security best practice to prevent command injection by ensuring user-provided text is not misinterpreted as shell flags. Evidence: bash ${CLAUDE_PLUGIN_ROOT}/scripts/run-council.sh --providers=gemini,openai -- "Your question" (SKILL.md).
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8c) because it reads and processes responses from external AI providers.
    • Ingestion points: Cache files located in .claude/council-cache/ (SKILL.md).
    • Boundary markers: Absent; the instructions do not include specific delimiters or directives for the agent to ignore potentially malicious instructions embedded in the provider responses.
    • Capability inventory: Access to local shell execution through the run-council.sh script (SKILL.md).
    • Sanitization: Absent; the model responses are displayed verbatim and then synthesized without filtering or escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 06:08 PM