perplexity-research

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to transmit internal 'brain context' (data retrieved from the agent's knowledge base) to the external Perplexity AI API at api.perplexity.ai to find information deltas. This is the intended core functionality for research enrichment.
  • [COMMAND_EXECUTION]: The skill utilizes several CLI tools including gbrain for fetching and storing knowledge, and curl for making network requests to the Perplexity API. It also mentions the potential use of a local perplexity binary.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection.
  • Ingestion points: Data enters the system from the public web via synthesis by the Perplexity API (in the SKILL.md research flow).
  • Boundary markers: The instructions do not specify any delimiters or safety markers to isolate the retrieved web content from system instructions when it is written back to the knowledge base.
  • Capability inventory: The skill can read internal data via gbrain get, write to the filesystem via gbrain put_page, and make network calls via curl.
  • Sanitization: There is no explicit sanitization or filtering logic applied to the external content before it is stored in the research/ directory.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 03:26 PM
Security Audit — agent-trust-hub — perplexity-research