exa-search
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script `scripts/exa_search.py` performs POST requests to `https://api.exa.ai`. This is the intended behavior for interacting with the Exa AI search service.
- [SAFE]: Configuration handling follows best practices by supporting environment variables (`EXA_API_KEY`, `EXA_API_KEYS`) and local JSON files. Documentation correctly uses placeholders (e.g., `YOUR_EXA_API_KEY`) to prevent accidental credential disclosure.
- [SAFE]: No instances of prompt injection, code obfuscation, or unauthorized file access were found in the provided files.
- [SAFE]: The skill retrieves external web content (Indirect Prompt Injection surface), but it lacks dangerous capabilities like shell command execution or script evaluation that would make such content exploitable.
Audit Metadata