parallel-web-search
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the parallel-cli tool via Bash, interpolating $ARGUMENTS and $FILENAME into the command string. While the agent is instructed to format the filename safely, the reliance on LLM-based sanitization for shell arguments poses a potential risk for command injection if input is not properly handled by the agent.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting untrusted content from the web.
  - Ingestion points: Web search result excerpts and titles are read from JSON files in the /tmp/ directory.
  - Boundary markers: Absent. The skill does not utilize delimiters or provide explicit instructions to the agent to treat search result content as potentially malicious or to ignore embedded commands.
  - Capability inventory: The skill possesses capabilities to execute shell commands via parallel-cli.
  - Sanitization: None. The agent is directed to synthesize a response using extracted snippets without any filtering or escaping mechanisms.
Audit Metadata