exa-search

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local helper scripts like get-key.sh and set-key.sh via execFileSync to manage configuration and retrieve stored API keys.
  • [EXTERNAL_DOWNLOADS]: The install.sh script utilizes npx to fetch and run the management tool from the author's NPM scope (@alcyone-labs/agent-skills). The skill also connects to api.exa.ai to perform search and crawl operations.
  • [DATA_EXFILTRATION]: The skill transmits search queries and API credentials to the Exa AI service (api.exa.ai). This is the intended functionality of the search tool.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by fetching and displaying untrusted data from the internet.
    • Ingestion points: Content is ingested from the Exa API in search.cjs, code.cjs, company.cjs, and crawl.cjs.
    • Boundary markers: The output is structured with Markdown headers and dividers but lacks explicit instructions for the agent to ignore commands within the results.
    • Capability inventory: The skill is limited to data retrieval and configuration; it does not include capabilities for arbitrary file writing or system modification.
    • Sanitization: Content retrieved from the API is displayed to the agent without filtering or sanitization.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 04:15 AM