perplexity-search
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill retrieves external web content that is inherently untrusted and presents it to the agent, creating a surface for indirect prompt injection attacks.
- Ingestion points: The script
scripts/perplexity_search.pyingests external content from Perplexity search results via the OpenRouter API. - Boundary markers: Absent. The search results are returned as raw text and are not wrapped in delimiters or accompanied by instructions for the agent to ignore embedded commands.
- Capability inventory: The script can write search results to a local file using the
--outputcommand-line argument and provides its output directly to the agent's context. - Sanitization: Absent. The skill does not perform any sanitization or filtering on the content retrieved from the external API response.
- External Communications (LOW): The skill transmits search queries and an API key to
openrouter.ai. While this is expected behavior for the tool's purpose, it constitutes data transit to a third-party service outside the local environment.
Audit Metadata