Skills
skills/parallel-web/parallel-agent-skills/status/Gen Agent Trust Hub

status

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the template parallel-cli research status "$ARGUMENTS" --json which includes direct interpolation of user-supplied data into a bash command. While the use of double quotes provides some protection against word splitting, it may not prevent command substitution or other shell-specific injection techniques if the execution environment is not strictly restricted.- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing external data.
  • Ingestion points: User input via $ARGUMENTS and the output of the parallel-cli command.
  • Boundary markers: No specific delimiters or instructions are used to separate untrusted content from the system prompt instructions.
  • Capability inventory: The skill uses the Bash tool to interact with the system.
  • Sanitization: No explicit sanitization or validation of the input or output content is observed.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 12:36 AM
Security Audit — agent-trust-hub — status