skill-parallel-agents

Fail

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: HIGH
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions frequently use a pattern where user-provided text is interpolated directly into shell commands, such as ${HOME}/.claude-octopus/plugin/scripts/orchestrate.sh auto "[prompt]". This creates a direct command injection vulnerability if a user provides a prompt containing shell metacharacters like semicolons, ampersands, or backticks.
  • [CREDENTIALS_UNSAFE]: The setup instructions and provider detection logic promote the use of environment variables like OPENAI_API_KEY, GEMINI_API_KEY, and OPENROUTER_API_KEY for sensitive API credentials. Storing secrets in long-lived environment variables increases the risk of exposure to malicious processes or log files.
  • [PROMPT_INJECTION]: The skill uses aggressive, imperative language such as "MANDATORY COMPLIANCE", "PROHIBITED", and "STOP" to override the agent's default decision-making and force the use of external tools. Additionally, the skill is vulnerable to indirect prompt injection via user-supplied data.
    • Ingestion points: User prompts supplied via commands like /octo:multi or natural language triggers processed in SKILL.md.
    • Boundary markers: Absent; the skill uses double quotes in shell commands but no internal delimiters or safety instructions to ignore embedded commands.
    • Capability inventory: Execution of shell scripts at ${HOME}/.claude-octopus/plugin/scripts/orchestrate.sh with raw prompt arguments.
    • Sanitization: Absent; the instructions do not describe any filtering or escaping of user-provided content before it is executed in the shell.
  • [EXTERNAL_DOWNLOADS]: The skill directs users to install external CLI tools from the @openai/codex and @google/gemini-cli npm packages. While these originate from well-known organizations, the skill's reliance on external, unversioned global installations introduces supply chain surface area.
  • [DATA_EXFILTRATION]: By design, this skill sends user prompts and project context to multiple third-party LLM providers. Users should be aware that sensitive data processed by this skill will be transmitted to and processed by external services like OpenAI, Google, and potentially OpenRouter.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 9, 2026, 06:35 AM