parallel-web
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
openaiandparallel-webPython packages to interface with the Parallel Web Systems APIs. These are standard client libraries used to interact with the vendor's services. - [COMMAND_EXECUTION]: The script
scripts/parallel_web.pyprovides a command-line interface for search and extraction tasks, allowing the agent to execute research operations within the environment. - [DATA_EXFILTRATION]: The skill transmits user queries and research objectives to the
api.parallel.aiservice. This data transfer is the intended purpose of the tool and uses the vendor's documented API infrastructure. - [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection due to its handling of untrusted data from the web.
- Ingestion points: Web content is retrieved through the Parallel Search and Extract APIs and provided to the agent or saved to files.
- Boundary markers: No specific delimiters or safety instructions are implemented in the script to distinguish retrieved web data from the agent's internal logic.
- Capability inventory: The script can write output to the local filesystem (utilizing the
Writetool) and performs network communication with the API provider. - Sanitization: No explicit sanitization, filtering, or validation of the retrieved web content is performed before it is returned to the agent context.
Audit Metadata