perplexity-4
Warn
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/perplexity_search.sh` performs unsafe dynamic code generation by interpolating shell variables into a Python command.
  - Evidence: The script assembles a Python payload using `BODY=$(python3 -c "... 'content': '''$QUERY''' ...")`.
  - Risk: Because `$QUERY` is interpolated directly into Python triple-quotes without escaping, a malicious input containing triple-quotes (`'''`) can break out of the string literal and execute arbitrary Python commands on the user's system.
- [PROMPT_INJECTION]: The skill exhibits misleading metadata and lacks safeguards against indirect prompt injection.
  - Evidence (Metadata): The `SKILL.md` documentation provides a guide for multiple models like `sonar-reasoning-pro` and `sonar-research`, but the `scripts/perplexity_search.sh` script contains a hardcoded check that terminates execution if any model other than the base `sonar` is used.
  - Evidence (Indirect Injection Surface):
    - Ingestion points: The `$QUERY` and `$SYSTEM_PROMPT` variables in `scripts/perplexity_search.sh` accept untrusted input.
    - Boundary markers: No delimiters or instruction-ignore wrappers are used when passing these inputs to the API or the local Python execution block.
    - Capability inventory: The skill possesses network access via `curl` and local script execution via `python3`.
    - Sanitization: No sanitization, escaping, or validation is performed on inputs before they are used in command-line arguments and API payloads.
Audit Metadata