exa-policy-guardrails
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill includes boilerplate Python code for implementing security best practices, such as domain filtering, result freshness checks, and API usage quotas.
- [DATA_EXFILTRATION]: No evidence of credential harvesting or unauthorized data transmission was found. The skill suggests using Redis for usage tracking, which is a standard architecture for rate limiting.
- [REMOTE_CODE_EXECUTION]: The skill does not contain instructions to download or execute external scripts. The frontmatter includes a restriction on Bash usage to npx commands, which is a platform-level configuration and not a vulnerability.
- [PROMPT_INJECTION]: The skill is designed to process external web data retrieved via the Exa API, creating a surface for indirect prompt injection. However, the skill's purpose is to provide the sanitization logic needed to mitigate such risks.
- Ingestion points: External search results ingested via exa.search in SKILL.md examples.
- Boundary markers: None explicitly implemented in the code examples to distinguish search results for the LLM.
- Capability inventory: The skill environment permits file operations (Read, Write, Edit) and shell access (Bash).
- Sanitization: Implements domain blocklists, medical-specific allowlists, and regex-based query pattern validation to filter harmful or irrelevant content.
Audit Metadata