The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to execute system commands for checking file existence, creating directories, and writing configuration files in SKILL.md.\n- [COMMAND_EXECUTION]: It launches a background Node.js process by executing a file in a plugin cache directory (~/.claude/plugins/cache/brain-jar/perplexity-search/*/run.js) as part of the setup flow.\n- [CREDENTIALS_UNSAFE]: The skill accesses and reads /.claude/perplexity-search/config.json, which is intended to store a Perplexity API key.\n- [CREDENTIALS_UNSAFE]: It instructs the agent to request an API key from the user and store it as plain text in a JSON configuration file on the local filesystem.\n- [DATA_EXFILTRATION]: The skill accesses a shared user profile file (/.config/brain-jar/user-profile.json) to retrieve personal information and preferences for search query enrichment.\n- [DATA_EXFILTRATION]: User profile data is sent to the external Perplexity API as part of enriched search queries, potentially exposing private context.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from untrusted search results retrieved from Perplexity.\n- [PROMPT_INJECTION]: Ingestion points: External results retrieved via the mcp__perplexity-search__perplexity_search tool.\n- [PROMPT_INJECTION]: Boundary markers: Absent; instructions in SKILL.md direct the agent to integrate findings naturally into responses without separators.\n- [PROMPT_INJECTION]: Capability inventory: File system access via Bash and Read tools, plus network search capabilities defined in SKILL.md.\n- [PROMPT_INJECTION]: Sanitization: No sanitization or validation of the external search results is mentioned before integration into the model's response.

using-perplexity-for-context