parallel-web-search

Fail

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates user-provided input ($ARGUMENTS) directly into a bash command string: parallel-cli search "$ARGUMENTS". This allows an attacker to execute arbitrary shell commands by providing input that includes shell metacharacters such as backticks, semicolons, or command substitution sequences to escape the intended command context.
  • [PROMPT_INJECTION]: The skill ingests and processes untrusted data from the web (search result excerpts) without using boundary markers or isolation techniques. This creates a vulnerability to indirect prompt injection, where malicious instructions on external websites could manipulate the agent's output or actions.
      • Ingestion points: Data enters the agent's context from the JSON output and excerpts of the parallel-cli search command.
      • Boundary markers: Absent. The skill does not provide delimiters or instructions to treat search results as untrusted data.
      • Capability inventory: The skill uses the Bash tool and is capable of writing search results to local JSON files ($FILENAME.json).
      • Sanitization: Absent. There are no steps to validate or filter the content retrieved from search excerpts before it is used to synthesize a response.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 17, 2026, 10:29 AM