exa-reference-architecture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly fetches and ingests public web content via exa.searchAndContents and exa.findSimilarAndContents (e.g., github.com, stackoverflow.com, arxiv.org) and injects the retrieved text into the LLM context in ragSearch, so untrusted third-party pages could provide instructions that influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill calls exa.searchAndContents/profiledSearch with includeDomains (e.g., 'github.com') and then builds LLM context from results.results (r.text), so content fetched at runtime from external URLs such as https://github.com can directly control prompts.