parallel-web-extract

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). It echoes user-provided $ARGUMENTS verbatim (in the shell command and the returned Page Title), so any API keys or credentials included in those arguments or URLs would be output verbatim and thus exposed.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly directs the agent to fetch and verbatim-extract arbitrary webpages via "parallel-cli extract $ARGUMENTS", meaning it ingests open/public third-party URL content (webpages, articles, PDFs) that the agent must read and act on, allowing untrusted web content to influence behavior and enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). This skill runs parallel-cli to fetch and inject the contents of any user-provided URL ($ARGUMENTS) at runtime and returns that content verbatim into the agent context, which meaningfully lets remote content control prompts/instructions (flagging "any user-provided URL" fetched via parallel-cli).