exa-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md explicitly describes using Exa's /search, /contents, and /answer endpoints (including examples with arbitrary URLs, livecrawl, and returned fields like results[].text, summary, and highlights) to fetch and ingest public web pages and user-generated content that the agent is expected to read and use for answers/research, which could enable indirect prompt injection.