perigon-sdks
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill's core functionality involves ingesting untrusted external content (news articles and summaries) from the Perigon API. This data can contain malicious instructions designed to bypass agent constraints or manipulate downstream actions.\n
- Ingestion points: Methods like
searchArticles,searchStories, andsearchSummarizerfetch data fromapi.perigon.ioas seen inreferences/python-sdk.mdandreferences/typescript-sdk.md.\n - Boundary markers: Absent. There are no instructions or code patterns provided to delimit external content or warn the agent to ignore instructions embedded within the news data.\n
- Capability inventory: The skill provides read access to a wide range of news and entity data via network operations to
api.perigon.io.\n - Sanitization: None detected in the provided code snippets or documentation. No escaping or validation of the external content is suggested before the agent processes it.\n- [Unverifiable Dependencies] (MEDIUM): The installation instructions promote the use of third-party SDKs from public registries that are not within the defined trust scope.\n
- Evidence:
pip install perigonandnpm install @goperigon/perigon-tscommands are featured in the reference files.\n - Risk: While seemingly legitimate official SDKs, they constitute unverifiable third-party code from a security auditing perspective.
Audit Metadata