perplexity-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that inline the OpenRouter API key (export OPENROUTER_API_KEY='sk-or-v1-your-key-here' and passing --api-key on the command line), which requires or encourages embedding secret values verbatim in commands and outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs real-time web searches using Perplexity models via OpenRouter (see SKILL.md overview and scripts/perplexity_search.py), so it ingests and interprets content from open/public web sources which can influence responses and downstream actions.