Red Team

This skill appears to do what it says, but take these precautions before installing or running it: - Understand where data goes: the script calls external model CLIs (Claude/Codex/Gemini) and will send the question, persona system prompts, and any context file you provide to those third-party services. Do not include secrets, private credentials, or confidential documents in the context file unless you trust the target model/provider and account. - Trust the CLIs: you must install and run vendor CLIs locally; ensure those packages are from official sources and that your account/subscription is intended to be used this way. - Inspect custom personas and context files: custom persona JSON or other inputs are merged into prompts. Only use custom persona files from trusted authors — a malicious custom persona could craft prompts that produce undesirable outputs or leak data to the model. - Review the full script: part of the Python file was truncated in the package listing; if you need high assurance, open and read the entire scripts/red-team.py to confirm there are no hidden network calls, logging to unexpected endpoints, or file exfiltration code beyond calls to the recognized CLIs. - Sandbox if needed: run first in an isolated environment or with non-sensitive dummy data to observe behavior and network traffic. If you want, I can (1) walk through the full red-team.py file line-by-line, (2) point out exactly where user data is injected into prompts, or (3) suggest safer invocation patterns (e.g., redact secrets, run in an isolated account) — tell me which you prefer.