parallel-findall

Fail

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to construct shell commands by directly inserting user-provided input from the $ARGUMENTS variable. This pattern occurs in the parallel-cli findall run "$ARGUMENTS" and parallel-cli findall ingest "$ARGUMENTS" commands. This is a high-risk practice because it enables command injection; an attacker could include shell metacharacters (such as ;, &, |, or $()) in their input to execute arbitrary system commands beyond the scope of the intended tool.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes unvalidated natural language input to define search objectives.
    • Ingestion points: The $ARGUMENTS variable in SKILL.md captures raw user input.
    • Boundary markers: No delimiters or instructions are provided to help the agent distinguish between data and potential instructions within the input.
    • Capability inventory: The skill utilizes the Bash(parallel-cli:*) tool, which has broad execution capabilities.
    • Sanitization: There are no measures to validate or escape the user input before it is used in commands or logic.
  • [EXTERNAL_DOWNLOADS]: The skill instructions advise users to update the parallel-cli tool and parallel-web-tools package. While this involves downloading external code via pipx, these resources are part of the author's own infrastructure (parallel-web) and represent standard maintenance for the provided toolset.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 23, 2026, 12:36 AM
Security Audit — agent-trust-hub — parallel-findall