perplexity-tools

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest data from an external source (Perplexity AI API). This creates a surface for Indirect Prompt Injection (Category 8c), where malicious instructions hidden on web pages crawled by Perplexity could be passed into the agent's context. While the skill primarily returns text and citations, the lack of explicit boundary markers in the instructions increases the risk that the agent may interpret untrusted output as instructions.
  • [Command Execution] (LOW): The skill uses uv run to execute a local Python script located at .claude/skills/perplexity-tools/scripts/perplexity.py. This constitutes local command execution (Category 4). The security of this operation depends entirely on the content of the perplexity.py script, which is not provided in this file and must be audited separately.
  • [External Downloads] (LOW): The use of the uv tool typically involves dynamic resolution and downloading of Python dependencies at runtime. Without a corresponding lockfile or pyproject.toml provided for analysis, the specific packages and their versions remain unverifiable.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 11:10 AM