parallel-web-extract
Fail
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users or the agent to download a script from 'https://parallel.ai/install.sh' and execute it by piping it directly into bash, which is a high-risk installation pattern from a non-whitelisted domain.
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by processing arbitrary web content.
- Ingestion points: Untrusted data is ingested from external URLs via the 'extract' command.
- Boundary markers: The skill fails to define boundary markers or delimiters to isolate untrusted web content from the agent's core instructions.
- Capability inventory: The skill possesses the ability to execute shell commands and modify the local file system through the 'Bash' tool.
- Sanitization: No sanitization, escaping, or validation of the extracted content is mentioned; the skill explicitly requires content to be returned verbatim.
- [EXTERNAL_DOWNLOADS]: The skill uses 'pipx' to download and install the 'parallel-web-tools' package from external repositories.
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to perform administrative and functional tasks, including CLI tool execution, authentication management, and file operations in the '/tmp/' directory.
Recommendations
- HIGH: Downloads and executes remote code from: https://parallel.ai/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata