Skills
skills/alphaonedev/openclaw-graph/exa-web-search/Snyk

exa-web-search

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes web crawling and content extraction from public sites via the Exa.ai CLI (e.g., "exa search --crawl-depth ... --extract-content") and API (POST https://api.exa.ai/v1/search) and instructs feeding those results into agent workflows (e.g., summarization), so untrusted third-party web content would be read and could influence subsequent actions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 5, 2026, 10:47 PM