dual-ai
Fail
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly disables security guardrails by invoking CLI tools with flags such as
--dangerously-skip-permissionsfor Claude and--dangerously-bypass-approvals-and-sandboxfor Codex, granting spawned sessions unrestricted system access. - [REMOTE_CODE_EXECUTION]: The skill dynamically generates and executes platform-specific shell scripts (
.sh) and PowerShell scripts (.ps1) at runtime to initialize and orchestrate the parallel sessions. - [COMMAND_EXECUTION]: The skill utilizes a custom Node.js supervisor (
scripts/dual-ai-runner.mjs) to spawn child processes usingnode:child_process, which increases the host's exposure to potentially malicious command execution. - [PROMPT_INJECTION]: The skill contains instructions that mandate a "full-permission mode" and "xhigh reasoning effort," which overrides default safety constraints and resource limits for the fanned-out sessions.
Recommendations
- AI detected serious security threats
Audit Metadata