Perplexity Search Skill

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Perplexity web-search skill that sends user search queries to Perplexity using the user's own API key.

Install this if you are comfortable sending search terms to Perplexity with your own API key. Avoid putting secrets, regulated personal data, or confidential business details in search queries, and monitor Perplexity usage because requests may consume paid quota.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The README states that the agent will 'automatically use this skill when searching the web,' which is an overly broad activation description that can encourage invocation for any web-search-like prompt. In an agentic system, vague auto-use guidance increases the chance of unintended tool execution, unnecessary external data disclosure in queries, and user-surprising behavior when a paid third-party API is called without explicit intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal