parallel-agents
Audited by Socket on Feb 21, 2026
1 alert found:
Malware [Skill Scanner]: Instruction directing agent to run/execute external content

All findings:
[CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This skill is internally consistent with its stated purpose (coordinating multi-agent development tasks). It does not contain clear malicious code, remote download/execute patterns, or explicit exfiltration channels. However, it enables high-impact repository modifications (merges, resets, pushes) and execution of project build/test scripts, so misuse or improper automation could cause data loss or run unsafe code from the repository. Treat as functionally benign but operationally sensitive — require explicit user consent and review before performing git merges/pushes or running build/test scripts.

LLM verification: The skill is an orchestration pattern for coordinating multiple local AI agent instances to work on a repository. There is no explicit malicious payload, hard-coded credentials, or external download/install behavior in the provided content. The main security concern is operational: automated git merges, pushes, and execution of repository scripts can run arbitrary code or transmit data if the repository contains malicious hooks or lifecycle scripts, or if the orchestration instance has push cred