The Agent Skills Directory

[PROMPT_INJECTION] (LOW): The skill facilitates the retrieval of external web content, creating a surface for Indirect Prompt Injection attacks. \n * Ingestion points: Untrusted web content enters the agent context via search_and_contents and get_contents calls as documented in SKILL.md and references/contents.md.\n * Boundary markers: No specific boundary markers or instructions to ignore embedded commands are included in the provided code snippets.\n * Capability inventory: The skill is specifically designed to provide text, summaries, and highlights to an agent, which are frequently used in RAG (Retrieval-Augmented Generation) pipelines.\n * Sanitization: The provided patterns do not include sanitization or filtering of the retrieved Markdown/text content to prevent malicious instructions from being executed by the LLM.\n- [EXTERNAL_DOWNLOADS] (SAFE): The skill references the installation of the exa_py (Python) and exa-js (Node.js) libraries from standard public registries (PyPI and npm). These are official SDKs for the Exa.ai service.\n- [DATA_EXFILTRATION] (SAFE): Network operations are directed towards api.exa.ai. This is the primary intended behavior of the search skill and does not constitute unauthorized data exposure.

exa-search