Trust Assessment
parallel-enrichment received a trust score of 74/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Arbitrary File Read via `head` command after user-controlled `--target`, Potential Path Traversal in `sessions_spawn` task.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary File Read via `head` command after user-controlled `--target` The skill instructs the LLM to "Preview the first few rows: `head -6 output.csv`" after the `parallel-cli` command completes. The `parallel-cli` command allows specifying an output file path via the `--target` flag. If the LLM constructs the `parallel-cli` command using an untrusted user-provided path for `--target` (e.g., `../../../../etc/passwd`), and then subsequently executes `head -6` on that user-controlled path, it could lead to the reading and potential exfiltration of arbitrary files from the system. When instructing the LLM to preview files, ensure that the file path is either fixed, within a secure temporary directory, or strictly validated against path traversal attempts. The `--target` flag for `parallel-cli` should also be validated to prevent writing to arbitrary locations. If the LLM is expected to execute shell commands, ensure the execution environment is properly sandboxed. | LLM | SKILL.md:120 | |
| HIGH | Potential Path Traversal in `sessions_spawn` task The skill suggests using `sessions_spawn` with a `task` that includes a dynamically constructed file path: `/tmp/enriched-<topic>.csv`. If the `<topic>` variable is populated directly from untrusted user input without proper sanitization, an attacker could inject path traversal sequences (e.g., `../../../../etc/passwd`) to instruct the sub-agent to read arbitrary files from the filesystem. This could lead to sensitive data exfiltration. Ensure that any user-provided input used to construct file paths within `sessions_spawn` tasks is strictly validated and sanitized to prevent path traversal. A robust solution would be to use a fixed, non-user-controlled filename or a UUID for temporary files, or to ensure the `sessions_spawn` tool itself has mechanisms to restrict file access for tasks. If the `sessions_spawn` tool has a dedicated `file_path` argument, use that instead of embedding paths in the natural language `task`. | LLM | SKILL.md:142 |
Scan History
Embed Code
[](https://skillshield.io/report/508a0b336ea1d639)
Powered by SkillShield