querying-council

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill requires the model to read and copy-paste saved provider responses verbatim, so any API keys, tokens, cookies, or passwords present in those files would be reproduced exactly, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (Step 1 and Step 2 in SKILL.md) runs queries against external AI providers (Gemini, OpenAI, Grok, Perplexity), reads the resulting file in .claude/council-cache/*.md, and verbatim-displays and then synthesizes recommendations from those untrusted third-party model outputs, which could contain instructions that influence subsequent behavior.