parallel

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt mostly uses environment variables (safe), but it includes an explicit insecure example that passes the BROWSERUSE_API_KEY directly on the command line (--browseruse-key "your-key"), which would require the agent to embed/echo secret values verbatim and thus poses a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests arbitrary public web content (e.g., scripts/extract.py extracts any URL, scripts/search.py and scripts/task.py perform web searches and content extraction via Parallel.ai, and scripts/monitor.py collects source_urls/excerpts), and those results are read and used to drive task outputs, enrichments, monitoring alerts and follow-up actions—so untrusted, user-provided third‑party content can materially influence agent behavior and enable indirect prompt injection.