parallel-deep-research
Fail
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill contains a command to download and execute a script directly from the internet via
curl -fsSL https://parallel.ai/install.sh | bash. This pattern is highly insecure as it executes unverified code with shell privileges and was flagged by automated security scans. - [COMMAND_EXECUTION]: The skill uses
parallel-cliwith variables$ARGUMENTS,$RUN_ID, and$FILENAMEinterpolated directly into shell commands. This presents a risk of command injection if the inputs are not properly sanitized by the underlying system. - [EXTERNAL_DOWNLOADS]: The skill facilitates the download of third-party software and scripts from
parallel.aiand PyPI viapipx install parallel-web-tools. - [CREDENTIALS_UNSAFE]: The skill provides instructions for the user to manually enter and export an API key in the shell environment using
export PARALLEL_API_KEY, which is a common but insecure method for handling sensitive credentials that can lead to exposure in shell history or environment logs.
Recommendations
- HIGH: Downloads and executes remote code from: https://parallel.ai/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata