parallel-ai-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly searches and extracts content from live web URLs (SKILL.md: "Search the live web and extract ... from URLs" and the runtime scripts scripts/parallel-search-extract.mjs and scripts/parallel-extract.mjs) so the agent ingests arbitrary public third‑party content and uses those extracts to drive answers/citations, which can enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to https://api.parallel.ai (POST /v1beta/extract) to fetch user-supplied webpages/PDFs and returns extracted text that is injected into the agent’s context, meaning remote content can directly control prompts/outputs.