parallel-deep-research
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill provides an installation command that downloads and executes a script directly from the vendor's domain:
curl -fsSL https://parallel.ai/install.sh | bash. While this pattern involves remote execution, it is the vendor's documented method for setting up their own tool. - [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The instructions suggest installing the
parallel-web-toolspackage viapipx, which involves downloading and installing software from the Python Package Index (PyPI). - [COMMAND_EXECUTION]: The skill instructs the agent to execute various
parallel-clicommands, such asresearch runandresearch poll, to perform tasks and write results to the local filesystem. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill provides guidance on setting up an API key using environment variables (
export PARALLEL_API_KEY="your-key"). This is a standard and recommended practice for local credential management and does not involve hardcoded secrets within the skill itself. - [INDIRECT_PROMPT_INJECTION]: The skill processes research data from external sources. It includes specific instructions to manage this surface:
- Ingestion points: Research reports and metadata retrieved via
parallel-cli. - Boundary markers: The instructions explicitly direct the agent to share an executive summary and avoid reading full file contents into the context unless requested by the user, establishing a clear boundary.
- Capability inventory: Uses shell execution for the CLI tool and local file writing for reports.
- Sanitization: No automated sanitization of the research output is specified, relying instead on the instruction-based boundary.
Audit Metadata