exa-web-search
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Python
subprocessmodule to interact with theexacommand-line utility for search operations. - [PROMPT_INJECTION]: The skill extracts content and highlights from external websites, creating a vulnerability surface for indirect prompt injection if retrieved data contains adversarial instructions.
- [SAFE]: The skill communicates with the official Exa.ai API and manages authentication via environment variables, following standard security patterns for search tools.
Audit Metadata