parallel-data-enrichment

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). This is a direct link to a shell installer (install.sh) on an external domain and the skill instructs piping it to bash — which executes arbitrary remote code — making it high-risk unless the domain and script have been independently verified and reviewed.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly enriches data with "web-sourced fields" (SKILL.md description) via the parallel-cli enrichment run and then instructs the agent to poll and "preview first few rows from the output file" (Step 2), meaning the agent will ingest and interpret open/public web-derived content as part of its workflow — exposing it to untrusted third-party material that could carry injected instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup instructs running curl -fsSL https://parallel.ai/install.sh | bash if the CLI is missing, which fetches and immediately executes remote code at runtime and is presented as the installer dependency, so it directly risks controlling/altering execution.