parallel-web-search
Fail
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill contains a setup instruction to download and execute a script from
https://parallel.ai/install.shusingcurl -fsSL ... | bash. This allows arbitrary remote code execution from an unverified source. - [COMMAND_EXECUTION]: The skill executes shell commands using
$ARGUMENTSinparallel-cli search "$ARGUMENTS". This presents a risk of command injection if the input contains shell metacharacters that escape the double-quote encapsulation. - [EXTERNAL_DOWNLOADS]: The skill attempts to install the
parallel-web-tools[cli]package from an external repository usingpipx. - [CREDENTIALS_UNSAFE]: The instructions guide the user to set sensitive API keys via environment variables (
export PARALLEL_API_KEY="your-key"), which can lead to credential exposure in shell history or environment logging. - [PROMPT_INJECTION]: The skill processes untrusted content from the web and synthesizes it into a response without safety delimiters.
- Ingestion points: Search results retrieved from the web via
parallel-cli(SKILL.md). - Boundary markers: No delimiters or "ignore instructions" warnings are defined for processing search results (SKILL.md).
- Capability inventory: The skill has access to the Bash tool and file system via
/tmp(SKILL.md). - Sanitization: No sanitization or validation of the retrieved web content is performed before interpolation into the final response (SKILL.md).
Recommendations
- HIGH: Downloads and executes remote code from: https://parallel.ai/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata