parallel-batch-executor

Fail

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: HIGH (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: Vulnerable parallel execution pattern in SKILL.md. The implementation uses xargs -I {} -P "$PARALLEL" bash -c "...", in which xargs performs a plain textual substitution of the {} placeholder into the string that becomes the bash -c script, before bash parses it. Any input item (read from files or JSON arrays) that contains shell metacharacters such as backticks, semicolons, or $(...) is therefore parsed and executed as shell code by the child process rather than treated as data. The item should instead be handed to a fixed script as a positional parameter (bash -c '... "$1"' _) so the shell never sees it as source text.
  • [COMMAND_EXECUTION]: Unsafe command invocation in batch_repo_command and parallel_with_errors. Both functions accept an arbitrary command string and hand it to a bash subshell once for every directory or item in the batch, with no validation or sanitization of the command or its arguments. A single injected command string is therefore executed once per target, multiplying its effect across the file system.
  • [COMMAND_EXECUTION]: Indirect prompt injection surface via untrusted JSON and text data. The skill's ingest points are stdin and files consumed by jq and cat (tasks.json, items.txt). No boundary markers separate data from instructions and no sanitization is applied, while the skill holds high-privilege capabilities (bash -c, xargs, find); instructions embedded in the processed data can therefore be carried straight into those capabilities.
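The following is an added example, not code from the parallel-batch-executor skill. It reproduces the xargs -I pattern named in the first finding with a constructed item that carries a shell metacharacter, shows that the injected command runs, and places a hardened fan-out beside it together with a hardened per-directory runner of the kind the second finding calls for. The function names (emit_items, unsafe_batch, safe_batch, safe_repo_batch, count_exact) and the sample items are assumptions made for this example.

```shell
# Added example; not code from the parallel-batch-executor skill.
# Reproduces the "xargs -I {} bash -c" injection from the finding and shows
# two hardened patterns beside it. Names and sample data are assumptions.

PARALLEL=2

# Constructed input: one benign item and one carrying shell metacharacters,
# emitted NUL-separated so xargs -0 treats each entry as exactly one item.
emit_items() {
  printf '%s\0' 'alpha' 'beta; echo INJECTED'
}

# Vulnerable pattern from the finding: xargs splices {} into the bash -c
# script text before bash parses it, so "; echo INJECTED" becomes a command.
unsafe_batch() {
  emit_items | xargs -0 -I {} -P "$PARALLEL" bash -c "echo item={}"
}

# Hardened fan-out: the script text is fixed and single-quoted; each item is
# handed to it as $1 (the "_" fills $0). bash never parses the item as code.
safe_batch() {
  emit_items | xargs -0 -n 1 -P "$PARALLEL" bash -c 'echo "item=$1"' _
}

# Hardened per-directory runner (hypothetical name, not the skill's
# batch_repo_command): directories arrive on stdin one per line, the command
# is a fixed argv ("$@") that is never re-parsed by a shell, and each run is
# in a subshell so a cd in one directory cannot leak into the next.
safe_repo_batch() {   # usage: printf '%s\n' dir1 dir2 | safe_repo_batch cmd [args...]
  while IFS= read -r d; do
    ( cd "$d" && "$@" ) || printf 'failed in %s\n' "$d" >&2
  done
}

# Count output lines of a function that exactly equal a given string.
count_exact() {   # usage: count_exact <function> <string>
  "$1" | grep -c -x -- "$2" || true
}
```

Running count_exact unsafe_batch INJECTED reports one line, because the second item was executed as a command; the same check against safe_batch reports zero, and the item appears verbatim in the output as data. The -P flag and -0 are GNU and BSD xargs extensions rather than POSIX, which matches the skill's own use of -P.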
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 27, 2026, 11:11 PM