perplexity-search

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill retrieves untrusted data from the web and provides it to the agent. Since the skill also has permission to execute commands through Bash, it creates a significant risk for Indirect Prompt Injection, where malicious instructions on a website could influence the agent's actions.
      • Ingestion points: Fetches web content and AI-generated responses from Perplexity.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are documented.
      • Capability inventory: The skill is granted Bash (command execution) and Read (file access) permissions.
      • Sanitization: No sanitization of the external web data is mentioned.
  • COMMAND_EXECUTION (LOW): The skill uses Bash to execute its internal Python logic (scripts/mcp/perplexity_search.py). While standard for operation, this capability is what makes the injection risk severe.
  • EXTERNAL_DOWNLOADS (MEDIUM): The use of uv run indicates that Python dependencies may be downloaded and updated from external package registries at runtime.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:12 AM