get-code-context-exa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's mandated get_code_context_exa tool explicitly fetches and returns real snippets and documentation from public third-party sources such as GitHub and StackOverflow (and other public technical docs), which the agent is expected to read and interpret, exposing it to untrusted, user-generated content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires calling the runtime tool at https://mcp.exa.ai/mcp?tools=get_code_context_exa, which is invoked during runtime to fetch external content (code snippets/docs) that will be injected into agent context and thus can directly control prompts or cause execution behavior.