perplexity-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill performs network operations to api.perplexity.ai to retrieve search results and completions. Although this is the skill's primary purpose, the domain is not among the trusted sources defined in the security policy.
- Evidence: scripts/perplexity_api.py uses urllib.request.urlopen to transmit data to the Perplexity API endpoints.
- [Indirect Prompt Injection] (LOW): The skill processes content from the web via the Perplexity API, creating a surface for potential indirect prompt injection attacks where malicious web content could influence the agent's behavior.
- Ingestion points: scripts/perplexity_api.py (via API responses from sonar-pro, sonar-deep-research, and sonar-reasoning-pro models).
- Boundary markers: Absent; results are printed directly to stdout without delimiters or clear distinction from system instructions.
- Capability inventory: The script is limited to network read/write operations and does not possess file-writing or subprocess execution capabilities.
- Sanitization: No sanitization or filtering of the external API content is performed before it is presented to the agent.
Audit Metadata