Overview
- Fresh findings detail a URL-based exploit in Perplexity’s Comet that treats query parameters as agent instructions, pulling from memory and posting results to an attacker-controlled endpoint.
- Brave’s analysis describes indirect prompt injection during page summaries, where hidden on-page text can steer an agent to act on data from other tabs or connected services.
- Hands-on testing shows clear conveniences, with Comet filling a Kroger pickup cart and navigating a Clear trial cancellation without manual steps.
- The category is expanding, with Comet and Dia widely available, OpenAI’s ChatGPT Atlas on macOS, Opera previewing Neon, and Microsoft testing Copilot Actions in Edge.
- Security researchers and reporters advise limiting agent access and avoiding logins to sensitive accounts, noting unresolved risks alongside early usability gaps such as missing tab tools and web-app support.