parallel-web-search
Fail
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute a shell script directly from the vendor's domain using a piped bash command (curl -fsSL https://parallel.ai/install.sh | bash) for tool setup and authentication.\n- [COMMAND_EXECUTION]: User-supplied query arguments ($ARGUMENTS) are interpolated directly into a bash command string (parallel-cli search "$ARGUMENTS"). This configuration presents a potential command injection surface if the agent platform does not perform strict input sanitization before execution.\n- [EXTERNAL_DOWNLOADS]: The skill specifies the installation of a Python package (parallel-web-tools) via pipx from public repositories as a fallback setup method.\n- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection due to its core function of processing untrusted web content.\n
- Ingestion points: External data enters the agent context through search result excerpts retrieved by the parallel-cli tool from various web domains.\n
- Boundary markers: The instructions do not define clear delimiters or include warnings for the agent to ignore instructions embedded within the search data.\n
- Capability inventory: The skill has authorized access to the Bash tool and is capable of performing file system writes to the /tmp directory.\n
- Sanitization: No validation, escaping, or filtering of the search result JSON content is documented before the agent synthesizes the information into its response.
Recommendations
- HIGH: Downloads and executes remote code from: https://parallel.ai/install.sh - DO NOT USE without thorough review
Audit Metadata