perplexity
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The file scripts/perplexity_search.sh contains a critical code injection vulnerability. The script uses python3 -c to execute a dynamically generated Python snippet (lines 111-131) where the shell variables $QUERY and $SYSTEM_PROMPT are placed inside triple-quoted strings. An attacker can supply a query containing ''' to terminate the string literal and append malicious Python code (e.g., ''' + __import__('os').system('cat /etc/passwd') + ''').
- REMOTE_CODE_EXECUTION (HIGH): Since this skill is designed to take input from an AI agent that may be processing untrusted web content or user prompts, it acts as a high-risk remote code execution vector. An attacker can use indirect prompt injection to craft a query that executes commands on the host machine.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from the Perplexity API and returns it to the agent without boundary markers or sanitization.
  1. Ingestion point: scripts/perplexity_search.sh (line 134).
  2. Boundary markers: Absent.
  3. Capability inventory: Local command execution via the script's own injection vulnerability and network access via curl.
  4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata