exa-people-research

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to run the mcporter command-line tool to interface with the Exa search API, using dynamically constructed queries.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill processes search results and web content from untrusted external sources without providing instructions for isolation or sanitization.
    • Ingestion points: Results from exa-search.web_search_advanced_exa and pages visited via the browser tool.
    • Boundary markers: Absent; no delimiters or ignore-instructions are used for external data.
    • Capability inventory: Subprocess execution via mcporter and authenticated web browsing.
    • Sanitization: Absent; the skill does not specify any validation or filtering of retrieved content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 07:03 AM