parallel-web

Fail

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The SKILL.md file contains instructions to execute a shell script directly from a remote URL ('https://parallel.ai/install.sh') by piping the download into 'bash'. This is a high-risk pattern that allows for arbitrary code execution without user inspection of the script content.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of external dependencies at runtime, including 'parallel-web-tools[cli]' via 'uv' and 'python-dotenv[cli]' via 'pip'.
  • [COMMAND_EXECUTION]: The skill invokes the 'parallel-cli' tool through several scripts, passing user-provided arguments ($ARGUMENTS) into the shell. This creates a risk of command injection if malicious input is provided and not properly handled by the CLI or the shell.
  • [CREDENTIALS_UNSAFE]: The skill provides instructions for the agent to locate and load API keys from local '.env' files and encourages the user to export sensitive keys like 'PARALLEL_API_KEY' directly into the environment, which can lead to accidental credential exposure.
  • [PROMPT_INJECTION]: The skill's primary function is to retrieve and process large amounts of untrusted content from the web, including academic papers, PDFs, and search results. It lacks explicit sanitization or boundary markers (such as XML tags or 'ignore' instructions) to prevent malicious instructions hidden in the web content from affecting the agent's logic.
    • Ingestion points: Untrusted web data is fetched via 'parallel-cli' search, extract, and research commands across several reference files.
    • Boundary markers: No boundary markers or isolation instructions are present to distinguish between the skill's instructions and the untrusted external data.
    • Capability inventory: The agent has the capability to execute shell commands ('parallel-cli'), perform network operations, and write to the local filesystem using the '-o' and '--output' flags.
    • Sanitization: The skill performs no sanitization or filtering of the fetched content before it is processed or presented in the final response.
Recommendations
  • HIGH: Downloads and executes remote code from: https://parallel.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Jun 14, 2026, 09:23 AM