Trust Assessment
parallel-task received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The findings are Prompt Injection into Subagent Prompts and Potential Data Exfiltration via Agent Output.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, dependency_graph, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Prompt Injection into Subagent Prompts: The skill constructs prompts for subagents by directly embedding content from a user-provided 'plan file'. Fields such as '[Goals]', '[Dependencies]', '[Constraints]', '[Name]', '[Description]', '[Acceptance Criteria]', and '[Validation]' are taken from the untrusted plan file and inserted into the subagent's prompt template. A malicious plan file could contain prompt injection payloads within these fields, allowing an attacker to manipulate the behavior of the subagent LLM, potentially leading to unintended actions or information disclosure. Sanitize or strictly validate all untrusted input from the plan file before embedding it into subagent prompts. Consider using a templating engine that escapes user input, or implement explicit input validation and filtering for sensitive keywords or instructions. Ideally, separate user-provided data from system instructions within the prompt. | Unknown | SKILL.md:50 |
| MEDIUM | Potential Data Exfiltration via Agent Output: The skill's design involves reading plan files and instructing subagents to report on 'Files modified/created' and 'Changes made'. The main agent also collects 'Concise work log' and 'Errors or gotchas encountered'. Given that the skill inherently requires filesystem read access to process plan files and potentially modify other files, a malicious plan could instruct a subagent to read sensitive files (e.g., configuration files, credential stores) and then include their content within the 'Changes made', 'work log', or 'Errors' sections of the agent's output. This provides a vector for exfiltrating data through the agent's reporting mechanism. Implement strict controls over what information can be included in agent summaries and logs. Restrict file access to only necessary directories and file types. Before reporting 'Changes made' or 'work log' content, scan for sensitive patterns or enforce content filtering to prevent the inclusion of confidential data from arbitrary files. Consider sandboxing subagent file operations. | Unknown | SKILL.md:68 |