result
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
parallel-clitool via Bash, passing the user-providedrun_idas the$ARGUMENTSvariable. - Evidence: Found in
SKILL.mdwithin the bash code block:parallel-cli research poll "$ARGUMENTS" --json. - Risk: While the argument is double-quoted, this creates a surface for potential command injection if the input contains subshell execution patterns (e.g., backticks or dollar-parens) that the shell might evaluate.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes and displays data fetched from an external research task.
- Ingestion points: The output (stdout) of the
parallel-cli research pollcommand is ingested into the agent context. - Boundary markers: None identified; the skill instructions simply state to "Present results in a clear, organized format."
- Capability inventory: The skill has access to the
parallel-clitool via Bash. - Sanitization: No sanitization or filtering of the external research content is performed before presentation to the agent.
- [EXTERNAL_DOWNLOADS]: The skill references a setup procedure for the vendor's command-line interface.
- Evidence: The documentation directs users to run
/parallel:setupif the tool is missing. - Note: This is a standard vendor resource and setup pattern for this skill's functionality.
Audit Metadata