literature-review
Fail
Audited by Snyk on Jun 14, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). Most links are legitimate academic resources, but the inclusion of a direct shell installer URL (https://parallel.ai/install.sh) and an explicit "curl ... | bash" install instruction in the skill prompt (plus API key endpoints) are high‑risk indicators that could be used to distribute malware.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime workflow uses parallel-cli search (and often parallel-cli extract) to fetch public web pages/paper text from outsider-authored sources, and those fetched excerpts/full text are then ingested into the agent’s LLM context for screening/synthesis—i.e., public web content fetched at runtime → LLM-readable prose.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The scientific-schematics scripts call the OpenRouter API at runtime (base URL https://openrouter.ai/api/v1) to generate and review images, and the remote model's critique is used to iteratively modify generation prompts — a mandatory dependency for this skill that means external responses directly control agent prompts.
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)
Issues (4)
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W021 (MEDIUM): Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).