parallel-research

SUSPICIOUS: the core purpose is coherent and the main Claude CLI appears to be official, but the skill grants spawned web-research agents Bash and Write access, processes untrusted web content, and relies on unverified local helper scripts from another skill. This is not confirmed malware or credential theft, but it is a medium/high-risk automation pattern with notable prompt-injection and permission-scope concerns.