parallel-execution
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing 'claude-parallel-orchestrator' via pip, which is an external package from an unverified source not listed in the trusted vendors.\n- [EXTERNAL_DOWNLOADS]: The orchestration script depends on the '@anthropic-ai/claude-agent-sdk' package, which is an external dependency from an unverified source.\n- [COMMAND_EXECUTION]: The skill invokes the 'cpo' CLI tool to execute parallel tasks, which involves running subprocesses and modifying git worktrees on the local system.\n- [COMMAND_EXECUTION]: The documentation specifies that agents run with the '--dangerously-skip-permissions' flag, which explicitly bypasses security constraints for the AI agents, increasing the risk of unauthorized file system or network access.\n- [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface by reading task and context files from the disk and passing them directly to AI agents without sanitization.\n
- Ingestion points: orchestrator.ts reads multiple markdown files from the 'tasks/' directory and 'context.md'.\n
- Boundary markers: No boundary markers or instructions to ignore embedded commands are present to separate untrusted file data from system instructions.\n
- Capability inventory: The skill launches agents with high permissions using the Claude SDK and 'cpo' tool, providing a path for injected instructions to execute commands.\n
- Sanitization: File contents are interpolated directly into prompts without escaping or validation.
Audit Metadata