parallel-web-search

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the parallel-cli command by interpolating user-provided $ARGUMENTS directly into a shell string. While the arguments are wrapped in double quotes in the example, this pattern presents a potential surface for command injection if the underlying agent environment does not handle shell escaping properly.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
    • Ingestion points: Untrusted data from web search results is ingested via the output of the parallel-cli tool as described in SKILL.md.
    • Boundary markers: Absent. The instructions do not include any delimiters or directives for the agent to ignore instructions embedded within the retrieved web content.
    • Capability inventory: The skill allows the agent to execute bash commands (specifically parallel-cli) and write search results to the /tmp/ directory.
    • Sanitization: Absent. There is no evidence of content filtering or validation of the data retrieved from the web before it is synthesized into a response.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 15, 2026, 11:48 PM