parallel-explore

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill is entirely dependent on a local script at ./scripts/aha-loop/parallel-explorer.sh. Because this script is not included in the skill definition, its security posture—specifically how it handles shell arguments and git operations—cannot be verified.
  • PROMPT_INJECTION (LOW): The 'Unlimited Resources' section contains the instructions 'Don't worry about wasting resources' and 'Explore as many approaches as seem valuable.' This is an attempt to override standard agent resource constraints, potentially leading to excessive compute usage or recursive task spawning.
  • PROMPT_INJECTION (LOW): Indirect prompt injection surface exists in Step 5 (Evaluate Results).
      * Ingestion points: Evaluation agents read EXPLORATION_RESULT.md files generated during the implementation phase in separate worktrees.
      * Boundary markers: No delimiters or safety warnings are specified for the agents reading these files.
      * Capability inventory: The skill has the ability to merge code into the main branch (parallel-explorer.sh merge) and execute shell scripts.
      * Sanitization: There is no evidence of sanitization for the implementation results, allowing an adversarial implementation to influence the final merge decision through malicious instructions embedded in the result markdown.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:35 PM