llm-council

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly instructs running local CLIs (codex exec, gemini) that can execute arbitrary commands, writes files to CWD (creating transcripts), and even directs using --skip-git-repo-check which bypasses a built-in safety check—collectively enabling potential local-state changes or circumvention of protections.