Skills
skills/parallel-web/parallel-agent-skills/parallel-data-enrichment/Gen Agent Trust Hub

parallel-data-enrichment

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute parallel-cli commands. These commands handle metadata suggestions (enrich suggest), task initiation (enrich run), and status polling (enrich poll).
  • [EXTERNAL_DOWNLOADS]: Mentions the parallel-web-tools package (installable via pipx). This is identified as a legitimate resource belonging to the skill's vendor ('parallel').
  • [DATA_EXFILTRATION]: Data provided by the user (either inline or via CSV) is sent to the vendor's service via parallel-cli for processing. This network activity is documented and aligns with the primary purpose of data enrichment.
  • [PROMPT_INJECTION]: The skill processes untrusted user input from command-line arguments and CSV files which are interpolated into tool commands.
  • Ingestion points: The $ARGUMENTS variable and source CSV files defined in SKILL.md.
  • Boundary markers: Instructions do not specify the use of delimiters or boundary markers to isolate untrusted data from the command context.
  • Capability inventory: The skill uses the Bash tool for shell execution, has file-writing capabilities (to /tmp), and performs network operations (via parallel-cli).
  • Sanitization: Input data is interpolated directly into command flags without explicit sanitization or validation steps provided in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 11:48 PM