The Agent Skills Directory

[DATA_EXFILTRATION]: The skill accesses the .env.local file to retrieve the PARALLEL_API_KEY. This key is then used in the x-api-key header for authorized requests to https://api.parallel.ai. This behavior is expected for a skill that integrates with an external API and uses legitimate configuration files for credential management.
[COMMAND_EXECUTION]: The skill executes curl commands within a bash loop to interact with the Parallel AI API and poll for task status. It also utilizes standard utilities like grep and cut to parse JSON responses. These operations are limited to the intended API interaction and do not involve executing untrusted input.
[EXTERNAL_DOWNLOADS]: The documentation recommends an alternative installation method using npx to fetch a package from a service-related repository (parallel-web/parallel-agent-skills). This is a transparent reference to the official distribution channel for the associated service.
[PROMPT_INJECTION]: The skill acts as an ingestion point for external data by fetching and displaying research reports synthesized from multiple web sources by the Parallel AI service. 1. Ingestion points: API responses from https://api.parallel.ai/v1/tasks/runs/. 2. Boundary markers: Absent. 3. Capability inventory: Limited to network requests (curl) and local text processing. 4. Sanitization: Absent. While this presents an indirect prompt injection surface, the risk is mitigated by the restricted capabilities of the script.

parallel-deep-research