exa-known-pitfalls

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 3: "Handle Content Retrieval Separately") instructs using exa.search_and_contents and get_contents to fetch full text from web search results (including examples using arxiv.org URLs), so the agent will ingest and act on untrusted public third‑party content.