perplexity

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's docs (e.g., references/pro-search.md and references/search-api.md) explicitly describe Pro Search and the Search API using built-in tools "web_search" and "fetch_url_content" (and examples that fetch arbitrary URLs/file_url/image_url) to retrieve and ingest public web pages and content, which the agent reads and uses to drive multi-step reasoning and tool orchestration—exposing it to untrusted third‑party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Pro Search feature includes a built-in fetch_url_content tool that at runtime retrieves full content from external URLs (e.g., https://arxiv.org/pdf/...) and injects that content into the agent's reasoning/response stream, so remote content can directly control prompts/outputs.