exa-web-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and references/examples.md explicitly show tools like web_search_exa, get_code_context_exa (GitHub/StackOverflow), and crawling_exa that fetch and extract content from public websites and arbitrary URLs, which the agent is expected to read and use to drive searches and follow-up actions—exposing it to untrusted third-party content that could inject instructions.