research-lookup

Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation in SKILL.md instructs users to install the parallel-cli tool by piping a remote script directly to the bash shell: curl -fsSL https://parallel.ai/install.sh | bash. This allows arbitrary code from the remote server to be executed with the user's shell privileges without prior verification.
  • [EXTERNAL_DOWNLOADS]: The skill performs several network operations to external services. In scripts/generate_schematic_ai.py and research_lookup.py, it uses the requests library and the openai SDK to connect to openrouter.ai and api.parallel.ai. These connections are used to send user queries, retrieve research data, and generate images.
  • [COMMAND_EXECUTION]: The script scripts/generate_schematic.py uses subprocess.run to execute a local Python script (generate_schematic_ai.py). While it passes arguments as a list, this mechanism is used to trigger secondary script execution within the skill's environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and synthesizes untrusted data from web searches and academic databases.
  • Ingestion points: Untrusted data enters the agent's context through search results retrieved in research_lookup.py and via the parallel-cli tool mentioned in SKILL.md.
  • Boundary markers: The skill does not implement explicit delimiters or instructions to isolate or ignore potentially malicious commands embedded in the retrieved content.
  • Capability inventory: The agent is granted Bash tool access in SKILL.md and uses subprocess.run in its internal scripts, creating a risk if the agent follows instructions found in search results.
  • Sanitization: No sanitization or filtering of external content is performed before it is integrated into the final output or used in downstream processing.
Recommendations
  • HIGH: Downloads and executes remote code from: https://parallel.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: May 18, 2026, 04:56 AM
Security Audit — agent-trust-hub — research-lookup