Thinking
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the `llm` command-line utility for technical reasoning tasks, interpolating user-provided problems into the command string which may pose a risk of command injection if inputs are not properly sanitized.
- [COMMAND_EXECUTION]: Multiple workflows utilize shell commands via `curl` to send JSON-formatted status notifications to a local server at `localhost:8888`.
- [PROMPT_INJECTION]: The skill architecture dynamically loads customization files from `~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/` at runtime, allowing user preferences to override default instructions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when processing external content for red-teaming and debate; ingestion occurs from user-provided arguments in `ParallelAnalysis.md`, boundary markers are limited to markdown headers, capabilities include command execution and agent orchestration, and explicit sanitization is absent.
- [PROMPT_INJECTION]: The use of complex role-playing and multi-round debates with specialized personas increases the complexity of the prompt chain and the potential for adversarial instruction manipulation.
Audit Metadata