Skills
skills/vibeeval/vibecosystem/parallel-agents/Gen Agent Trust Hub

parallel-agents

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions (SKILL.md) direct agents to use shell commands such as echo, cat, and tail to record and verify the status of parallel tasks within the local .claude/cache/ directory.
  • [PROMPT_INJECTION]: The orchestration template is susceptible to indirect prompt injection because user-defined variables are used directly in shell commands.
  • Ingestion points: Subagents receive <identifier> and <batch> names which are interpolated into echo commands in SKILL.md.
  • Boundary markers: There are no delimiters or instructions to ignore embedded characters in the interpolated variables.
  • Capability inventory: Subagents have the capability to execute shell commands via the Task interface.
  • Sanitization: The skill does not provide methods to escape or validate these variables before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 09:04 AM
Security Audit — agent-trust-hub — parallel-agents