parallel-cli

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Two URLs (example.com and company.com) are generic placeholders and not direct downloads, but https://parallel.ai/install.sh is a direct shell-script installer (and the prompt even suggests piping it to bash), which is a high-risk distribution pattern because executing remote .sh files without verification can deliver malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the SKILL.md explicitly instructs the agent to fetch and ingest public web content (e.g., "parallel-cli search", "parallel-cli extract https://example.com", "parallel-cli fetch", "findall", and "monitor") and to summarize or act on those returned sources, meaning untrusted third‑party pages can be read/interpreted and materially influence follow-up actions.