perplexity-research
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits local context retrieved from the agent's internal storage (via
gbrain get) to an external API (api.perplexity.ai). This operation is the primary purpose of the skill and targets a well-known AI service. - [COMMAND_EXECUTION]: The skill instructions direct the agent to use
curlto interact with the Perplexity API or a localperplexitybinary to perform research tasks. - [PROMPT_INJECTION]: The skill has a potential surface for indirect prompt injection (Category 8) due to the handling of external data.
- Ingestion points: Data enters the agent context through
gbrain get(local pages) and the Perplexity API response (external search results from the web). - Boundary markers: The instruction template uses simple text headers to separate 'Topic' and 'Brain context' but lacks robust delimiters or boundary markers to prevent embedded instructions in search results from influencing the agent.
- Capability inventory: The agent has the ability to write to the filesystem via
gbrain put_pageand execute network requests viacurl. - Sanitization: No sanitization, escaping, or validation of the content retrieved from the Perplexity API is performed before writing it to new brain pages.
Audit Metadata