perplexity-search

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE] (LOW): The script scripts/setup_env.py allows users to provide their OpenRouter API key via a command-line argument (--api-key). This practice is insecure as it may leave the secret in the shell history or make it visible in process monitoring tools.
  • [PROMPT_INJECTION] (LOW): The script scripts/perplexity_search.py is vulnerable to indirect prompt injection because it interpolates raw user queries directly into the LLM message content without sanitization or protective delimiters.
      • Ingestion points: User-provided search query via command-line arguments in perplexity_search.py.
      • Boundary markers: Absent. The query is passed directly as the message content.
      • Capability inventory: Network access to OpenRouter/Perplexity APIs and file system write access via the --output flag.
      • Sanitization: None. The input is used as-is.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill relies on the litellm Python package. While it is a widely used and reputable library, the script encourages runtime installation (uv pip install litellm), which introduces an external dependency.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:24 PM