Skills
skills/hkuds/cli-anything/cli-anything-exa/Gen Agent Trust Hub

cli-anything-exa

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to install software from an external GitHub repository belonging to the author: git+https://github.com/HKUDS/CLI-Anything.git#subdirectory=exa/agent-harness. It also references the PyPI package cli-anything-exa.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process data from external, untrusted web sources via the search and contents commands.
  • Ingestion points: Web search results and full-page text retrieval from arbitrary URLs specified by the user or agent (SKILL.md).
  • Boundary markers: None specified in the instructions to separate untrusted web content from agent instructions.
  • Capability inventory: Provides network access to the Exa API and external websites. It does not appear to have direct file-system write or arbitrary subprocess execution capabilities beyond the search CLI itself.
  • Sanitization: No mention of content sanitization or filtering of instructions embedded in the retrieved web data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 12:01 PM