exa-web-search-free
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to configure and interact with a remote MCP server located at `https://mcp.exa.ai/mcp`. This server provides the underlying logic for the search tools. Exa is a recognized technology company specializing in AI-driven search.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to the nature of its core functionality.
  - Ingestion points: Tools such as `web_search_exa`, `get_code_context_exa`, and `crawling_exa` fetch data from arbitrary external sources including public websites, GitHub, and Stack Overflow.
  - Boundary markers: There are no explicit instructions or delimiters defined within the skill to isolate retrieved search content from the agent's instructions, increasing the risk of the agent obeying instructions embedded in the search results.
  - Capability inventory: The skill uses the `mcporter` binary to execute remote tools. While the skill itself does not perform direct file system or network operations beyond the MCP calls, the ingested data is presented to the agent which may have broader capabilities.
  - Sanitization: The skill does not perform any sanitization, filtering, or validation on the content retrieved from the internet before passing it to the agent.
Audit Metadata