exa-research
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill constructs shell commands using user-provided instruction strings. Evidence: The `exa-ai research-start --instructions` pattern takes raw text input. Risk: If the agent does not sanitize this input, a user could provide instructions containing shell metacharacters (e.g., backticks, semicolons) to execute arbitrary commands.
- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8). Evidence:
  1. Ingestion points: The `research-get` command retrieves arbitrary data from the open web.
  2. Boundary markers: There are no delimiters or isolation instructions for the retrieved data.
  3. Capability inventory: Research results influence agent reasoning and multi-step workflows.
  4. Sanitization: No sanitization or filtering of external content is performed.

  Risk: Malicious instructions on external websites could hijack the agent's behavior when it processes research results.
- [EXTERNAL_DOWNLOADS] (LOW): The skill depends on the `exa-ai` and `jq` utilities. These are external dependencies not included in the trusted organizations or repositories list, though they are standard for this skill's functionality.
Audit Metadata