The Agent Skills Directory

[Data Exposure & Exfiltration] (SAFE): The skill uses the PERPLEXITY_API_KEY environment variable for authentication and only communicates with the legitimate api.perplexity.ai domain. No sensitive local file access was detected.
[Command Execution] (SAFE): Shell commands are used to invoke curl for API requests. The skill safely passes request payloads using the -d @file flag with a temporary JSON file, which prevents potential command injection vulnerabilities that could arise from direct string interpolation.
[Indirect Prompt Injection] (SAFE): The skill is designed to retrieve and process third-party web content (search results). While this is a data ingestion surface, the skill does not implement unsafe processing or interpolation of this data that would elevate the risk beyond the inherent nature of a search tool.
[Persistence Mechanisms] (SAFE): The skill does not attempt to modify system configuration files, shell profiles, or create scheduled tasks.
[Unverifiable Dependencies] (SAFE): No external package managers (npm, pip) or remote script executions (curl | bash) are utilized. It relies on standard system utilities like curl and jq.

perplexity