reverse-engineer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [Data Exposure & Exfiltration] (MEDIUM): The skill instructs the agent to extract and process sensitive authentication data including session cookies (pplx.session-id) and Bearer tokens. While necessary for the primary purpose, handling live credentials increases risk. Severity reduced from HIGH as it is essential to the skill's function.
- [Indirect Prompt Injection] (LOW): The skill parses user-provided cURL commands which are untrusted data sources. Malicious instructions could be embedded in headers or payloads to manipulate agent code generation.
  - Ingestion points: Step 1 (capture traffic/user-pasted cURL).
  - Boundary markers: Absent.
  - Capability inventory: Implementation of SDK files including domain models and transport logic.
  - Sanitization: Absent.
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): Recommends the use of 'curl_cffi', a third-party library for TLS fingerprinting not maintained by a trusted organization.
- [Command Execution] (LOW): Directs the agent to analyze network requests targeting non-whitelisted domains (perplexity.ai) for discovery.
Audit Metadata