parallel-data-enrichment
Fail
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill contains instructions to download and execute a shell script from 'https://parallel.ai/install.sh' by piping it directly to bash. This 'curl | bash' pattern allows for arbitrary code execution from a source outside of the trusted vendor list, bypassing standard package integrity checks.
- [COMMAND_EXECUTION]: The instructions direct the agent to substitute user-provided content ($ARGUMENTS, --data, and --intent) directly into shell commands for the 'parallel-cli'. This creates a significant surface for command injection. A malicious user could provide input containing shell metacharacters (e.g., ';', '&&', or backticks) to execute unauthorized commands on the host system.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs external tools using both 'curl' from 'parallel.ai' and 'pipx' for the 'parallel-web-tools' package. These downloads originate from sources not explicitly categorized as trusted in the analyzer's configuration.
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection (Category 8). It ingests untrusted data from CSV files ('input.csv') and direct user input, which is then passed to a powerful subprocess tool ('parallel-cli') without boundary markers or sanitization logic specified in the instructions.
  - Ingestion points: 'input.csv' source file and user-provided strings in '$ARGUMENTS'.
  - Boundary markers: Absent; user data is interpolated directly into command strings.
  - Capability inventory: The skill has 'Bash(parallel-cli:*)' capabilities allowing it to execute CLI tools, write to files (via '--target'), and make network requests (via the enrichment API).
  - Sanitization: Absent; no instructions are provided to the agent to escape or validate input before shell execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://parallel.ai/install.sh - DO NOT USE without thorough review
- AI detected serious security threats