parallel-agents
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs agents to use shell commands for status reporting (e.g., `echo "COMPLETE: - $(date)" >> .claude/cache/-status.txt`).
- Evidence: If the `<identifier>` or `<batch>` variables are interpolated with untrusted data (e.g., a file name or user-provided ID), an attacker could perform command injection (e.g., setting an identifier to `$(rm -rf /)`).
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The orchestration pattern relies on a shared status file for multiple agents to communicate completion.
- Ingestion points: Agents write status/results to `.claude/cache/` files which are later read by the orchestrator or user via `cat`, `tail`, and `wc`.
- Boundary markers: None. The skill recommends simple line-based appending without delimiters or escaping.
- Capability inventory: The orchestration involves launching background tasks (`Task` with `run_in_background: true`) and shell execution.
- Sanitization: No sanitization or validation of the data written to the status files is suggested.
- Risk: If a sub-agent processes untrusted external data and includes parts of that data in its status message, it could poison the orchestration log. A downstream agent reading this log to determine its next action could be manipulated.
Audit Metadata