Council of Wisdom - Multi-Agent Debate

Security checks across malware telemetry and agentic risk

Overview

This is a coherent debate-orchestration skill, but it deserves review because it saves debate content and can send it to external services without clear privacy controls.

Review before installing if you plan to use confidential or regulated topics. Use it only with data you are comfortable storing in local logs and, if enabled, sharing with GitHub, external LLM providers, the hosted API, or webhooks. Prefer disabling remote sync, redacting sensitive inputs, limiting log retention, and avoiding the sudo symlink unless system-wide installation is necessary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (12)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide directs the system to persist debate transcripts, metadata, votes, and reports to workspace files, but provides no safeguards around sensitive-content handling, redaction, retention, or access control. Because debate inputs may include proprietary, personal, or otherwise sensitive user data, indiscriminate logging can create a durable data-exposure risk beyond the original session.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation explicitly states that logs are archived automatically and debate transcripts are stored, but it provides no warning that prompts, outputs, or potentially sensitive business data may be retained. In a multi-agent decision system, users are likely to submit confidential strategy, architecture, or investment discussions, so undocumented retention increases privacy, compliance, and unintended disclosure risk.

Missing User Warnings

Low
Confidence
76% confidence
Finding
The quick-start instructions tell users to run initialization commands that create directories and files in the local workspace, but do not clearly warn that this will write project data to disk. While this is common CLI behavior, omission of that warning can still surprise users in environments handling sensitive material or in shared workspaces.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README explicitly advertises GitHub integration, private repos, and debate transcript logging, but it gives no warning about what data may be stored, retained, or shared. In a multi-agent system that records prompts, logs, and reports, users may unknowingly place sensitive business or personal data into local logs or remote repositories, creating confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README promotes multi-LLM provider support without warning that prompts, workspace files, or debate content may be transmitted to third-party AI services. That omission can cause users to submit confidential material under the false assumption that processing is entirely local, leading to unintended external disclosure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents sending debate topics and related data to an external API using bearer-token authorization, but it does not disclose that user-supplied prompts, business decisions, or sensitive context may leave the local environment. In a multi-agent decision system, those payloads can contain confidential strategy, internal architecture, or regulated information, so omission of a clear data-transmission warning creates a real confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The GitHub integration section instructs users to create/push to a repository and later describes pushing reports, but it does not warn that debate outputs, logs, prompts, and potentially sensitive decision records may be stored in that repository. Even if the repo is intended to be private, misconfiguration, overbroad collaborator access, forks, CI exposure, or later visibility changes can leak confidential material.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
When `--create-issue` is used, the script sends the debate topic and perspectives to GitHub via `gh issue create` without an explicit privacy warning, confirmation step, or sanitization guidance. In this skill's context, debate topics may contain sensitive business strategy, internal architecture, or confidential prompts, so silent transmission to an external service creates a real data exposure risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The prompt explicitly instructs the agent to archive full debate transcripts to logs, but provides no user notice, consent mechanism, redaction step, retention limit, or guidance on handling sensitive content. Because users may submit personal, confidential, or regulated data in advice requests, indiscriminate transcript logging creates a realistic privacy and data-exposure risk if logs are accessed, retained too long, or reused downstream.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Start a debate via API
curl -X POST https://api.council-of-wisdom.com/v1/debates \
  -H "Authorization: Bearer <token>" \
  -d '{"topic": "...", "domain": "..."}'
```
Confidence
77% confidence
Finding
curl -X POST https://api.council-of-wisdom.com/v1/debates \ -H "Authorization: Bearer <token>" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Start a debate via API
curl -X POST https://api.council-of-wisdom.com/v1/debates \
  -H "Authorization: Bearer <token>" \
  -d '{"topic": "...", "domain": "..."}'
```
Confidence
77% confidence
Finding
https://api.council-of-wisdom.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
-d '{"topic": "...", "domain": "..."}'

# Get outcome
curl https://api.council-of-wisdom.com/v1/debates/<id>/outcome
```

### Webhooks
Confidence
71% confidence
Finding
https://api.council-of-wisdom.com/

VirusTotal

65/65 vendors flagged this skill as clean.
