parallel
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection due to its core functionality of ingesting and processing untrusted content from the public web.
- Ingestion points: Web excerpts and full page content are ingested from the Parallel.ai API across multiple scripts:
scripts/search.py,scripts/extract.py,scripts/task.py, andscripts/findall.py. - Boundary markers: The scripts do not implement specific boundary markers (like XML tags or clear delimiters) or explicit 'ignore instructions' warnings when presenting retrieved web content to the agent.
- Capability inventory: The skill possesses network communication capabilities and the ability to process and display arbitrary web data.
- Sanitization: While content is truncated for length in several scripts, there is no evidence of sanitization or escaping to prevent embedded instructions in web content from influencing the agent's behavior.
Audit Metadata