Skills
skills/codealive-ai/ai-cofounder/exa-code-search/Snyk

exa-code-search

Warn

Audited by Snyk on Apr 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly states the skill finds code snippets and docs from public sites like GitHub and StackOverflow and uses the exa-code.get_code_context_exa call to retrieve that content, so the agent ingests and acts on untrusted, user-generated web content.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 2, 2026, 07:03 AM
Issues
1