parallel-vibe
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The script orchestrates the execution of external CLI tools (OpenAI Codex and Anthropic Claude) using
subprocess.Popen. It constructs command lines by appending user-provided prompts to base commands. - [COMMAND_EXECUTION]: Configures sub-agents to bypass security confirmations using flags like
--ask-for-approval neverand--dangerously-skip-permissionsinscripts/parallel_vibe.py, removing human-in-the-loop safety checks. - [COMMAND_EXECUTION]: Supports a
shellrunner type inscripts/parallel_vibe.pythat executes arbitrary command templates; while it usesshlex.quote, the template itself remains a surface for command injection if sourced from an untrusted plan. - [PROMPT_INJECTION]: High surface for indirect prompt injection by passing user prompts directly to sub-agents.
- Ingestion points: File:
scripts/parallel_vibe.py(via--promptand--plan-filearguments). - Boundary markers: Uses 'soft guardrail' instructions in
wrap_thread_promptwhich are non-binding for the sub-agents. - Capability inventory: File:
scripts/parallel_vibe.py(usessubprocess.Popenfor execution andshutilfor file operations). - Sanitization: Employs
shlex.quotefor shell templates, but lacks content filtering for malicious instructions directed at sub-agents. - [DATA_EXFILTRATION]: File:
scripts/parallel_vibe.py. Duplicates the current directory contents into multiple sub-workspaces. While common folders are excluded, any sensitive files not in the default exclusion list are duplicated and processed by AI tools. - [DATA_EXFILTRATION]: File:
scripts/parallel_vibe.py. Thesymlink_policycan be configured to 'keep', allowing potential exposure of files outside the source directory via symbolic links.
Audit Metadata