parallel

Fail

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: HIGH (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/parallel.sh is vulnerable to command injection via shell expansion. Specifically, in the run_task function, the variables $processor and $input are placed inside a double-quoted string passed to curl -d. Because Bash expands command substitutions like $(...) inside double quotes, an attacker-controlled query could execute arbitrary local commands on the user's system.
  • [CREDENTIALS_UNSAFE]: In scripts/search.py, a hardcoded API key (y2s_m4er5i6-5qCikOLUtmnkvOYRU24eDphq_jg1) is used as a fallback value for the PARALLEL_API_KEY environment variable. Hardcoding secrets in source code is a major security risk as it can lead to credential theft and unauthorized API usage.
  • [EXTERNAL_DOWNLOADS]: The skill performs legitimate network operations to the vendor's API at api.parallel.ai and api.browser-use.com (for authenticated browsing features) to provide search and extraction services.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it retrieves and processes content from arbitrary external websites (Category 8).
      • Ingestion points: scripts/extract.py, scripts/search.py, and scripts/task.py fetch external web content via the Parallel SDK.
      • Boundary markers: No delimiters or safety instructions are added to separate retrieved web data from the agent's instructions.
      • Capability inventory: The skill includes local shell execution capabilities via scripts/parallel.sh.
      • Sanitization: There is no evidence of sanitization or filtering applied to the retrieved content before it is returned to the agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 7, 2026, 05:54 AM