Skills
skills/parallel-web/parallel-agent-skills/parallel-web-search/Gen Agent Trust Hub

parallel-web-search

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data from web search results, creating a surface for indirect prompt injection attacks.
  • Ingestion points: Web search results (titles, excerpts, and URLs) are fetched via the parallel-cli tool and stored in temporary JSON files (e.g., /tmp/$FILENAME.json).
  • Boundary markers: Absent. There are no instructions or delimiters provided to the agent to treat search result content as untrusted or to ignore embedded instructions.
  • Capability inventory: The skill utilizes the Bash tool to execute the parallel-cli command.
  • Sanitization: None. The agent is instructed to extract content from excerpts and synthesize a response directly from the data.
  • [COMMAND_EXECUTION]: The skill uses shell interpolation to include user-supplied input ($ARGUMENTS) in a command executed via the Bash tool. While the variable is wrapped in double quotes, this pattern remains a potential surface for command injection (such as through subshell expansion like $(...)) depending on the specific shell environment used for execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 12:35 AM
Security Audit — agent-trust-hub — parallel-web-search