Red Team

Review
Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

Before installing, make sure you are comfortable using Claude/Codex/Gemini CLI accounts for this workflow. Do not attach sensitive context files or save reports to persistent memory unless you intend that data to be processed and retained. Review any custom persona JSON before use. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note
High Confidence
ASI01: Agent Goal Hijack
What this means

Debate results will be strongly shaped by the built-in or custom persona prompts.

Why it was flagged

The skill contains system-style persona instructions. These are purpose-aligned for a debate engine, but they deliberately steer spawned agents' behavior.

Skill content
**System Prompt:** You are the Bull — an optimistic, opportunity-focused analyst.
Recommendation

Use trusted persona definitions and review any custom persona JSON before running the debate.

What this means

Running the skill depends on installed provider CLIs and may consume local resources or provider quota.

Why it was flagged

The script executes local AI CLI commands via subprocess. This is central to the skill's purpose and uses argument lists rather than shell strings, but it is still local command execution.

Skill content
result = subprocess.run(
    cmd,
    capture_output=True,
    text=True,
    input=stdin_data,
    timeout=180,
)
Recommendation

Install provider CLIs only from official sources and run the skill only when you intend to use those AI accounts.

What this means

Prompts and selected context are processed under your logged-in Claude/Codex/Gemini account, subject to that provider's terms and quotas.

Why it was flagged

The skill relies on an already-authenticated provider CLI account. It does not show direct token handling, but it does use delegated provider account access.

Skill content
runs through your Max subscription OAuth token — no API key needed
Recommendation

Confirm which backend is selected and avoid sending sensitive material unless that provider/account is appropriate for it.

What this means

Private project notes or decision reports could be included in prompts or retained for later reuse if the agent saves them to memory.

Why it was flagged

The skill encourages using local context documents and optionally saving results to memory. That is useful for this workflow, but can persist sensitive decision data or let untrusted document text influence the debate.

Skill content
- Save output to memory files for future reference
- Feed context files from Obsidian or project docs
Recommendation

Choose context files deliberately, treat file contents as untrusted input, and ask before saving outputs to persistent memory.

What this means

Setup may fail or use whatever compatible CLI is already present on the machine.

Why it was flagged

The docs require external CLIs installed outside the skill, while the install spec is absent and registry requirements list no required binaries. The dependency is disclosed, but not machine-enforced by metadata.

Skill content
One of these coding agent CLIs ... `claude` ... `codex` ... `gemini`
Recommendation

Verify installed CLI provenance and versions before running the skill.