parallel-research

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill is not overtly a backdoor, but it deliberately provisions and automates many non-interactive Claude agents with high-privilege tools (Bash, Read, Write, WebFetch) and explicit instructions to bypass interactive permission prompts, which creates a substantial risk of remote code execution and data exfiltration if misused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs spawned agents to "search the web and compile findings" (prompt.md) and the launcher (research-agents/run-agent.sh) runs claude -p with --allowedTools including "WebSearch,WebFetch", while the decomposition examples target social media and blogs, so agents will fetch and interpret untrusted public web/user-generated content as part of their workflow.