perplexity-research
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to transmit internal 'brain context' (data retrieved from the agent's knowledge base) to the external Perplexity AI API at
api.perplexity.aito find information deltas. This is the intended core functionality for research enrichment. - [COMMAND_EXECUTION]: The skill utilizes several CLI tools including
gbrainfor fetching and storing knowledge, andcurlfor making network requests to the Perplexity API. It also mentions the potential use of a localperplexitybinary. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection.
- Ingestion points: Data enters the system from the public web via synthesis by the Perplexity API (in the
SKILL.mdresearch flow). - Boundary markers: The instructions do not specify any delimiters or safety markers to isolate the retrieved web content from system instructions when it is written back to the knowledge base.
- Capability inventory: The skill can read internal data via
gbrain get, write to the filesystem viagbrain put_page, and make network calls viacurl. - Sanitization: There is no explicit sanitization or filtering logic applied to the external content before it is stored in the
research/directory.
Audit Metadata