perplexity-search

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] Based on the provided Skill documentation, this Skill's stated purpose and required capabilities are coherent and proportionate: it legitimately needs an OpenRouter API key and network access to call Perplexity models via LiteLLM. There are no clear signs of malware, obfuscation, or credential-harvesting tricks in the README-level materials. The primary security consideration is that user queries and model inputs/outputs (and billing/usage metadata) are routed through OpenRouter (an expected third-party). Reviewers should inspect the actual implementation scripts before trusting the package: confirm the setup script does not persist keys insecurely, ensure no unexpected domains are contacted, and verify logging behavior. Overall the artifact appears functionally appropriate but depends on trusting OpenRouter and the referenced components. LLM verification: The provided SKILL.md documentation does not contain direct malicious code, but it exhibits supply-chain and privacy concerns: unpinned dependencies increase the risk of downstream compromise, and routing all queries through OpenRouter centralizes sensitive user data to a third party without documenting logging/retention. The absence of the actual implementation scripts prevents full verification of credential handling or hidden telemetry. Before use, obtain and audit the referenced scripts, pin