parallel-tasks
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically constructs a bash command to execute a local script (wt-parallel.sh) using arguments derived from user-provided task descriptions.
  - Evidence: The bash script template: "${CLAUDE_PLUGIN_ROOT}/scripts/wt-parallel.sh" --branches "branch1|branch2" --prompts "prompt1|prompt2".
  - Risk: Maliciously crafted user input containing shell meta-characters (such as semicolons, backticks, or command substitution) could lead to unintended command execution if the input is not correctly escaped before shell evaluation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user input and uses it to generate prompts for other AI sessions.
  1. Ingestion points: The initial user request is used to generate both git branch names and the initial prompts for parallel Claude sessions.
  2. Boundary markers: There are no explicit delimiters or instructions shown to isolate the user-provided prompts from system instructions in the child sessions.
  3. Capability inventory: The skill uses the Bash tool, which provides significant system access (git operations, shell script execution).
  4. Sanitization: While the AskUserQuestion tool is used to get user approval, there is no technical validation or sanitization of the input strings mentioned to prevent injection attacks.