parallel-agents

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The orchestrator tool executes arbitrary Python strings provided in the 'validation' field of the manifest file during execution waves. Evidence: The 'manifest.json' documentation includes a 'validation' key containing Python code such as 'from apps.users.models import User; print("Wave 1 OK")'.
  • [COMMAND_EXECUTION]: The skill automates system-level package management by executing 'uv' commands to add, upgrade, or remove Python dependencies as specified in the manifest. Evidence: The 'Dependencies Section' describes using 'uv add' and 'uv remove' based on manifest contents.
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to install an external Python package 'claude-parallel-orchestrator' which is a vendor resource. Evidence: Installation instructions recommend 'pip install claude-parallel-orchestrator'.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt-injection surface because it generates execution manifests from potentially untrusted external data sources.
      1. Ingestion points: The '/parallel-decompose' command reads and processes 'docs/prd.md' and tech spec files to generate the 'manifest.json'.
      2. Boundary markers: No specific delimiters or instructions to ignore embedded commands are described for the decomposition process.
      3. Capability inventory: The skill enables system package installation and arbitrary Python script execution via the 'cpo' tool.
      4. Sanitization: No sanitization or validation of the input PRD content is described before it is used to populate executable manifest fields.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 06:50 AM