exa-entities
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill demonstrates processing untrusted data from the web (search results from Exa.ai), which could potentially contain malicious instructions.
- Ingestion points:
exa.search_and_contentsresults, specifically thetext,summary, andhighlightsfields retrieved from the web incompany-search.md,people-search.md, andwebsets.md. - Boundary markers: None are present in the provided code snippets to distinguish between instructions and data.
- Capability inventory: The skill contains code for local file system access, specifically writing search results to CSV and other files using
open()incompany-search.mdandwebsets.md. - Sanitization: The examples do not include sanitization or validation of the retrieved web content before it is printed or written to disk.
- [Data Exposure & Exfiltration] (LOW): The skill includes code snippets that write data to the local file system (e.g.,
export_companies_to_csvincompany-search.md). While appropriate for the skill's stated purpose of lead generation, this is a capability that could be misused if modified.
Audit Metadata