perplexity

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mcp__scraper__perplexity and mcp__scraper__perplexity_reason tools explicitly perform AI web searches via the scraper MCP server and return synthesized content plus a "citations" array of source URLs (see "Working with Citations" and the example responses in SKILL.md), meaning the agent ingests and acts on arbitrary public web content that could carry injected instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill scrapes and injects live web content into the model at runtime (e.g., https://nextjs.org/blog/next-15 is shown as a cited source), so external URLs directly influence the agent's prompts/outputs and are a required dependency.