exa-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill handles untrusted web data retrieved via the Exa.ai Answer and Search APIs, which is a known vector for indirect prompt injection where instructions embedded in web pages could influence agent behavior.\n
- Ingestion points: Web content and AI-generated responses retrieved through
exa.answer(),exa.search_and_contents(), andexa.research()inreferences/answer-api.mdandreferences/deep-search.md.\n - Boundary markers: None found. The provided code snippets do not demonstrate the use of delimiters or 'ignore' instructions for external data.\n
- Capability inventory: All capabilities are limited to data retrieval, string formatting, and async task management; no dangerous execution sinks like
eval(),exec(), orsubprocessare present.\n - Sanitization: Examples in
references/citations.mdprovide basic URL validation and keyword overlap checks, but they lack robust sanitization for detecting malicious natural language instructions.\n- [External Dependencies] (LOW): The skill references theexa-pyandexa-jslibraries in its code snippets. These are the official SDKs for the Exa.ai service and are standard for this use case.
Audit Metadata