exa-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill issues web searches and GitHub code/context searches (see the "search" and "code" commands and description "searching the web" and "GitHub") that ingest public, user-generated content which the agent reads as part of its workflow, enabling indirect prompt injection.