perplexityai-automation

Functionally the manifest is coherent and implements a mediated orchestration pattern (search -> connect -> execute). The dominant risk is the centralized MCP: an untrusted or compromised MCP can observe or modify tool schemas, capture auth flows, and exfiltrate user prompts, session IDs, or credentials. There are no explicit signs of obfuscated malware or hardcoded secrets in the provided content. Recommended mitigations before use in sensitive environments: validate MCP operator trust, require TLS and attestation/pinning, enforce domain allowlisting for auth links, redact secrets from memory/arguments, and prefer direct-to-service flows for highly sensitive operations. Overall: acceptable functionality but notable supply-chain/data-exfiltration risk due to mediator dependence.