setup

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). This is high-risk: it points to a direct .sh installer on a single, unverified domain and the skill instructs piping it into bash with no checksum or provenance, a common malware distribution pattern.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running a remote install script with curl -fsSL https://parallel.ai/install.sh | bash, which fetches and executes code at runtime and thus directly controls execution.