exa-websets-monitor

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Full Analysis
  • Prompt Injection (SAFE): The skill contains instructional guidelines for tool usage and does not attempt to override the agent's core instructions or safety filters.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network operations were detected.
  • Command Execution (SAFE): The documented CLI commands are specific to the exa-ai tool and follow best practices to avoid fragile or unsafe shell patterns.
  • Indirect Prompt Injection (LOW): The skill handles untrusted external content from search results. This risk is effectively mitigated by explicit instructions to use JSON schemas and structured parsing with jq to isolate data. Evidence Chain:
    1. Ingestion Point: Search query results and monitor outputs.
    2. Boundary Markers: Encourages the use of JSON and jq for field extraction.
    3. Capability Inventory: CLI tool execution (exa-ai) via bash.
    4. Sanitization: Achieved through structured data parsing instead of raw text interpolation.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 06:50 AM