Skills
skills/codealive-ai/ai-cofounder/exa-company-research/Gen Agent Trust Hub

exa-company-research

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the exec command to run mcporter, which is a CLI wrapper for the Exa search engine. This is the primary method for retrieving research data.
  • [DATA_EXFILTRATION]: Network operations are conducted through the search tool to fetch public information. There is no evidence of accessing or transmitting sensitive user data or credentials.
  • [PROMPT_INJECTION]: The skill processes untrusted content from the web via search results and a browser fallback. While this presents an indirect prompt injection surface, the risk is inherent to web-research skills. Ingestion points include search results from Exa and the browser tool. Capability inventory includes tool execution via exec and browser. The skill attempts to mitigate this through a structured output format requiring specific sections for results, sources, and notes.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 07:02 AM