exa-answer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and synthesizes "citations from web sources" and includes commands that run exa-ai search and webset-create/get-contents (e.g., "exa-ai search", "webset-create --search", "Use when you need factual answers with citations from web sources"), which clearly ingests open/public third-party web content that may be user-generated and is read by the agent.