parallel-web

Fail

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's setup instructions include a command to download and execute a shell script from 'https://parallel.ai/install.sh' by piping it directly to bash. This pattern facilitates the execution of unverified remote code from a non-trusted source.
  • [COMMAND_EXECUTION]: Shell commands in several reference files ('data-enrichment.md', 'deep-research.md', 'web-search.md', 'web-extract.md') use unescaped variable interpolation for user-provided data such as $ARGUMENTS, $RUN_ID, and $TASKGROUP_ID. This creates a risk of command injection if the input contains shell metacharacters.
  • [CREDENTIALS_UNSAFE]: The skill directs the agent to locate and read a PARALLEL_API_KEY from local '.env' files for tool authentication, which involves the agent handling raw sensitive secrets.
  • [EXTERNAL_DOWNLOADS]: The skill initiates the installation of external software packages ('parallel-web-tools' and 'python-dotenv') from public registries during its initialization.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
      • Ingestion points: Fetches content from arbitrary external URLs and search results (SKILL.md, web-search.md).
      • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore potential commands within the fetched data.
      • Capability inventory: The environment has access to file system writes and shell command execution via the parallel-cli tool.
      • Sanitization: Absent. The skill does not validate or sanitize the external data before it is processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://parallel.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 16, 2026, 10:50 PM