exa-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests open/public third-party content—e.g., web_search_exa/web_search_advanced_exa, get_code_context_exa (mentions GitHub and Stack Overflow), and crawling_exa (extract full page content from arbitrary URLs)—and these results are used in workflows like deep_researcher_start/check, so untrusted external content can directly influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running "npx -y exa-mcp-server" at runtime which downloads and executes remote package code (from the npm registry, e.g. https://www.npmjs.com/package/exa-mcp-server), and that package implements the MCP tools that directly control agent prompts/behavior, so it is a runtime dependency that executes remote code and influences instructions.