parallel-web

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Suspicious: this is a direct link to an install.sh script (intended to be run via curl | bash), which executes remote shell code from a single domain—an installation pattern commonly used to deliver malware unless the domain and script are explicitly verified and trusted.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from open/public sources (see references/web-search.md using parallel-cli search and references/web-extract.md using parallel-cli extract "$URL"), including arbitrary URLs and general/non-academic sites, and the workflow requires the agent to parse and synthesize that content into decisions and follow-up actions (e.g., "Every claim must have an inline citation", parsing JSON results, and using interaction_id chaining), so untrusted third‑party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Setup instructs operators to run a remote installer via "curl -fsSL https://parallel.ai/install.sh | bash", which fetches and executes remote code at runtime and is a required dependency for the skill's functionality (parallel-cli).