exa-tool
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill presents an attack surface for indirect prompt injection as it ingests and returns untrusted data from the web.
  - Ingestion points: Web content retrieved via https://mcp.exa.ai/mcp in bin/exa-search and bin/exa-web-search.
  - Boundary markers: Absent; search results are returned as raw JSON without delimiters or instructions to ignore embedded prompts.
  - Capability inventory: The skill is limited to HTTPS requests and does not have file-system or shell execution capabilities.
  - Sanitization: Absent; the skill does not filter or sanitize the retrieved web content.
- Data Exposure & Exfiltration (SAFE): The EXA_API_KEY is retrieved from environment variables and only transmitted to the hardcoded official API endpoint via HTTPS. No sensitive data is leaked to unauthorized domains.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill has no external dependencies and uses only native Node.js modules, significantly reducing the supply chain risk.