perplexity-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls the OpenRouter Perplexity Sonar API (search.mjs POST to https://openrouter.ai/api/v1/chat/completions) and SKILL.md explicitly describes using Perplexity to return web‑grounded, citation-backed summaries (blogs, GitHub, arXiv, recent announcements) that agents are instructed to read and use to mark papers as "superseded" or "current SOTA," which exposes the agent to untrusted third‑party content that can influence actions.