parallel-web-extract

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly directs the agent to fetch and verbatim-extract arbitrary webpages via "parallel-cli extract $ARGUMENTS", meaning it ingests open/public third-party URL content (webpages, articles, PDFs) that the agent must read and act on, allowing untrusted web content to influence behavior and enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). This skill runs parallel-cli to fetch and inject the contents of any user-provided URL ($ARGUMENTS) at runtime and returns that content verbatim into the agent context, which meaningfully lets remote content control prompts/instructions (flagging "any user-provided URL" fetched via parallel-cli).