perplexity-research
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices by requiring the PERPLEXITY_API_KEY to be provided via environment variables, ensuring that no sensitive credentials are hardcoded in the skill's source code.
- [SAFE]: User-provided inputs (topics and queries) are sanitized using shell utilities like 'tr' and 'sed' before being used as part of filenames, which effectively mitigates risks of directory traversal or command injection through malicious inputs.
- [SAFE]: The research script utilizes 'jq' to build the JSON request body for the Perplexity API. This ensures that user-supplied research plans and instructions are safely escaped as JSON strings, preventing any injection into the API payload.
- [SAFE]: The implementation includes a mandatory human-in-the-loop approval step before executing the research plan, providing a clear control point for the user to verify the agent's proposed actions and potential API costs.
- [SAFE]: Comprehensive technical analysis of the shell scripts and instructions reveals no attempts at privilege escalation, unauthorized persistence, or any network communication outside of the official Perplexity API endpoint.