parallel-claudes
Audited by Socket on Feb 16, 2026
1 alert found:
Obfuscated File
The orchestrator is functional and useful in trusted, isolated environments, but it intentionally removes interactive safety checks and automates high-privilege actions (autonomous headless agents committing and pushing code). There is no explicit malicious code in the document, but the workflow materially increases supply-chain and code-integrity risks because it enables automated exfiltration or injection if a subagent or prompt is malicious or compromised. Recommended precautions: avoid --dangerously-skip-permissions unless in an isolated throwaway environment; require manual review of all commits before pushing/merging; sandbox or disable repository credentials for subagent runs; verify installer scripts before execution; and prefer interactive/manual merges with human inspection.