paralel-search
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted web data, creating an indirect prompt injection surface.
- Ingestion points: Untrusted data enters the agent context via the web_search_preview and web_fetch methods in app.py.
- Boundary markers: The skill lacks explicit delimiters or instructions to the LLM to ignore potentially malicious embedded commands in the fetched web content.
- Capability inventory: No dangerous local execution (e.g., subprocess) or file-write capabilities were identified across the skill scripts, limiting the potential impact of an injection.
- Sanitization: Content retrieved from external URLs is joined and returned to the agent without filtering or sanitization.
Audit Metadata