perplexity
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation suggests executing a bash command to append an environment variable to the user's shell profile (
~/.bashrc). This is a persistence mechanism that modifies system configuration files to store credentials. - [CREDENTIALS_UNSAFE]: The skill requires a
PERPLEXITY_API_KEYand provides instructions to store it in a localconfig.jsonfile or within shell configuration files, potentially exposing the secret if the filesystem or environment is compromised. - [PROMPT_INJECTION]: The skill is designed to ingest and process web search results and citations from an external API, which constitutes an indirect prompt injection attack surface.
- Ingestion points: Web content and citations returned by the Perplexity API via the
scripts/perplexity_search.shscript. - Boundary markers: No delimiters or instructions to ignore embedded commands in the search results are documented.
- Capability inventory: The skill executes shell scripts and performs network operations via
curl. - Sanitization: There is no evidence of content sanitization or validation of the data retrieved from the Perplexity API before it is processed by the agent.
Audit Metadata