parallel-web
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill documentation instructs users to install
parallel-webandopenai. Whileopenaiis a trusted source,parallel-webis not on the approved list of trusted organizations. This is considered low risk as it is the primary package required for the skill. - DATA_EXFILTRATION (LOW): The skill performs network requests to
api.parallel.ai. While this domain is not on the whitelist, these operations are necessary for the skill to function as a web search and extraction tool. - PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface (Category 8) because it retrieves data from arbitrary URLs via the Search and Extract APIs. Ingestion points: Web content and excerpts returned by the
api.parallel.aiendpoints. Boundary markers: Absent; the documentation does not provide instructions for the agent to use delimiters or ignore instructions found within extracted text. Capability inventory: The skill allows the agent to read and process external web content. Sanitization: No sanitization or filtering of the fetched content is described in the provided documentation.
Audit Metadata