parallel-web-extract
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the parallel-cli tool directly from the vendor's official domain (parallel.ai) and via the Python package manager.
- [REMOTE_CODE_EXECUTION]: The setup procedure involves downloading and executing a shell script from the vendor's server to install the required command-line utilities.
- [COMMAND_EXECUTION]: The skill invokes the parallel-cli extract command using user-supplied arguments to process web content.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by ingesting and processing untrusted data from external URLs. 1. Ingestion points: Output from the parallel-cli extract command as defined in SKILL.md. 2. Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands in the extracted text. 3. Capability inventory: Use of parallel-cli for network operations and content extraction. 4. Sanitization: No explicit validation or filtering of the extracted content is performed before it is presented to the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://parallel.ai/install.sh - DO NOT USE without thorough review
Audit Metadata