parallel-deep-research
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: User-controlled variables are directly interpolated into bash command strings in SKILL.md.
- Evidence: The $ARGUMENTS and $FILENAME variables are passed to parallel-cli within double quotes in the bash blocks for Step 1 and Step 2.
- Risk: Many shells process command substitutions (like $(command)) within double quotes, which could allow a malicious user to execute arbitrary code on the host system.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by processing untrusted user data without delimiters or sanitization.
- Ingestion points: User input for research topics enters the agent context via the $ARGUMENTS variable in SKILL.md.
- Boundary markers: No markers or 'ignore' instructions are present to separate user input from the skill's operational commands.
- Capability inventory: The skill utilizes Bash execution via the parallel-cli tool to interact with external services.
- Sanitization: No validation or escaping of the user-provided research topic is performed before processing.
Audit Metadata