research-lookup

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). These URLs include a direct shell installer (https://parallel.ai/install.sh) and explicit curl|bash install instructions from a non widely-known domain (parallel.ai), which is a high-risk pattern for malware distribution; https://example.com/paper is benign/placeholder and https://api.parallel.ai is an API endpoint but do not negate the risk from the install.sh.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs web searches and URL extraction from public sites—using parallel-cli search and parallel-cli extract (documented in SKILL.md and research_lookup.py) and Perplexity sonar-pro-search via OpenRouter (README.md and research_lookup.py)—and ingests those untrusted third‑party pages and citations as part of its synthesis, so external content can directly influence agent outputs and behavior, enabling indirect prompt injection.