exa-get-contents
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data from external URLs which are then processed for summarization and structured extraction.
- Ingestion points: Data enters the agent's context through the output of
exa-ai get-contents <URL>. - Boundary markers: No specific delimiters or instructions are provided to the agent to treat the fetched content as untrusted or to ignore instructions embedded within it.
- Capability inventory: The skill executes shell commands (
exa-ai,jq) and processes the resulting text for decision-making. - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external websites.
- [COMMAND_EXECUTION] (LOW): The skill requires the execution of the
exa-aiCLI andjqutility. While these are standard tools for this skill's purpose, they involve direct interaction with the host's shell environment.
Audit Metadata