exa-websets-search
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): Indirect Prompt Injection risk (Category 8). \n
- Ingestion points:
webset-search-create(searches live web) andimport-create(reads local CSV files). \n - Boundary markers: No boundary markers or delimiters are documented for data ingestion. \n
- Capability inventory: Includes
webset-delete,webset-item-delete, andenrichment-delete, allowing for resource destruction. \n - Sanitization: No documentation of sanitization or filtering of external content before AI-driven enrichment. \n- COMMAND_EXECUTION (MEDIUM): The skill exposes the
exa-aiCLI, allowing the agent to perform operations with significant side effects on the external service, including permanent data deletion.
Recommendations
- AI detected serious security threats
Audit Metadata