exa-find-similar
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the bash tool to execute the
exa-aiCLI and thejqutility for searching and processing web results. - [PROMPT_INJECTION]: The skill's primary function of fetching and summarizing external web content creates an indirect prompt injection surface where untrusted data could attempt to influence the agent's instructions. • Ingestion points: External web pages and summaries retrieved via
exa-ai find-similarandexa-ai searchin SKILL.md. • Boundary markers: The skill does not explicitly define delimiters or provide warnings to ignore embedded instructions in the fetched content. • Capability inventory: Execution ofexa-aiandjqcommands within a bash environment. • Sanitization: The skill recommends using JSON schemas (--summary-schema) andjqfor structured extraction, which provides a layer of validation for the ingested data.
Audit Metadata