parallel-claudes
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Remote Code Execution] (HIGH): The skill directs the installation of the 'cw' tool via 'curl -fsSL https://raw.githubusercontent.com/joyco-studio/cw/main/install.sh | bash'. This executes remote code from an unverified GitHub repository (joyco-studio) without user review.
- [Command Execution] (MEDIUM): Sub-agents are launched with the '--dangerously-skip-permissions' flag, which disables human-in-the-loop approval for file changes and command execution.
- [Indirect Prompt Injection] (LOW): (1) Ingestion points: User instructions are interpolated into sub-agent prompts in SKILL.md (Step 3). (2) Boundary markers: Absent; user input is not delimited. (3) Capability inventory: Sub-agents run Claude Code with shell and file system access. (4) Sanitization: Absent; no validation or escaping of the task string.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/joyco-studio/cw/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata