exa-policy-guardrails

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly uses exa.search to retrieve results from the open web ("Exa searches the open web") and instructs the agent to read, filter, and act on those search results (filter_results, enforce_freshness, combined policy flow), so untrusted third-party content is ingested and can influence subsequent decisions.