parallel-agents

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest and analyze untrusted external data (codebases) and pass that context through a multi-agent pipeline.
      • Ingestion points: Uses Read, Glob, and Grep to pull data from the user's workspace into the agent context.
      • Boundary markers: Absent. The skill lacks instructions to distinguish between the agent's orchestration logic and instructions that might be embedded in the files being analyzed.
      • Capability inventory: While this skill specifically requests read tools, it orchestrates agents like penetration-tester, backend-specialist, and devops-engineer. In the target environment (Claude Code), these agents frequently have the capability to execute shell commands, modify files, or perform network operations.
      • Sanitization: No sanitization or 'ignore-embedded-instructions' logic is present. A malicious actor could place hidden instructions in a source file (e.g., in a comment) that 'penetration-tester' might interpret as a command to execute.
  • Command Execution Risk (MEDIUM): The inclusion of a penetration-tester agent with triggers like "exploit" and "active vulnerability testing" indicates an intent to perform actions with high side-effect potential based on findings from untrusted data.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:46 PM