research-lookup

Fail

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The SKILL.md file includes instructions to install dependencies via curl -fsSL https://parallel.ai/install.sh | bash. This delivery method allows for arbitrary code execution from a remote server without verification and is classified as a critical risk.
  • [COMMAND_EXECUTION]: The script scripts/generate_schematic.py uses subprocess.run() to execute other local scripts. This represents a command execution surface that could be exploited to run arbitrary code on the local machine.
  • [DATA_EXFILTRATION]: The skill transmits research queries to api.parallel.ai and openrouter.ai. These domains are not part of the established whitelist of trusted sources, posing a risk of sensitive data exposure through non-whitelisted network operations.
  • [PROMPT_INJECTION]: The skill ingests untrusted search data from external APIs, creating a vulnerability to indirect prompt injection.
    ◦ Ingestion points: Web and academic search snippets from Parallel AI and Perplexity.
    ◦ Boundary markers: No explicit markers are used to separate ingested data from agent instructions.
    ◦ Capability inventory: Access to shell execution (subprocess.run), file system (Read/Write/Edit), and network (requests).
    ◦ Sanitization: No sanitization or filtering of external content is performed before processing.
Recommendations
  • HIGH: Downloads and executes remote code from https://parallel.ai/install.sh - DO NOT USE without thorough review.
  • AI analysis detected serious security threats.
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Jun 14, 2026, 09:23 AM
Security Audit — agent-trust-hub — research-lookup