parallel-agent-contracts

Warn

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill instructs agents to run shell commands (grep, npx tsc) to verify types and avoid duplication. In an implementation environment, these commands are powerful and could be abused if the agent is manipulated.
  • [EXTERNAL_DOWNLOADS] (LOW): The use of npx tsc can trigger downloads from the npm registry if the TypeScript package is not already present in the environment. Per [TRUST-SCOPE-RULE], npm is a trusted registry, but the dynamic nature of npx is worth noting.
  • [INDIRECT_PROMPT_INJECTION] (MEDIUM):
      • Ingestion points: The Prompt Template accepts [Description] and [Actual task description] as input.
      • Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present to isolate the task description from the agent instructions.
      • Capability inventory: The agent is explicitly granted the capability to execute shell commands (bash blocks).
      • Sanitization: No sanitization is performed on the task description or type names before they are used in shell commands, potentially allowing a malicious task description to append commands (e.g., via shell metacharacters in a type name).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 15, 2026, 11:41 PM