The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The documentation in SKILL.md instructs users to install dependencies using a command that pipes a remote script directly to the shell: curl -fsSL https://parallel.ai/install.sh | bash. This method bypasses integrity checks and executes unverified code from a third-party server.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from external academic sources.
Ingestion points: Data enters the environment via parallel-cli search results and parallel-cli extract calls which retrieve content from external URLs.
Boundary markers: The instructions lack delimiters or system prompts to isolate retrieved academic text from the agent's instructional context.
Capability inventory: The skill utilizes Bash (via subprocess), file-write permissions, and network access across multiple scripts.
Sanitization: There is no evidence of sanitization or filtering applied to the content of papers or abstracts before they are processed for thematic synthesis.
[COMMAND_EXECUTION]: The scripts scripts/generate_pdf.py and scripts/generate_schematic.py utilize the subprocess module to execute system binaries like pandoc and xelatex. While these are used for document generation, they represent a high-privilege capability that could be abused if inputs are not strictly controlled.
[EXTERNAL_DOWNLOADS]: The skill performs extensive network operations, including fetching metadata from api.crossref.org, resolving handles at doi.org, and interacting with openrouter.ai for AI services. This established network access could be leveraged for data exfiltration if combined with sensitive file access.

literature-review