parallel-agents

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [Prompt Injection] (HIGH): The orchestration pattern relies on agents executing bash commands with interpolated variables (, ) that are likely to contain untrusted data from the sub-agent's task.
      • Ingestion points: The and placeholders in the bash completion template (SKILL.md).
      • Boundary markers: None; data is directly interpolated into a shell command string.
      • Capability inventory: The pattern explicitly uses bash to perform file system writes (echo, >>).
      • Sanitization: Absent; an attacker-controlled identifier such as $(malicious_command) would be evaluated and executed by the sub-agent's shell environment.
  • [Command Execution] (MEDIUM): The skill systematically encourages the use of shell commands (bash) for routine status reporting instead of structured tool outputs. This increases the overall attack surface and allows agents to interact with the file system in ways that are harder to audit than structured API calls.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 11:28 PM