Skills
skills/oimiragieo/agent-studio/exa-monitor/Gen Agent Trust Hub

exa-monitor

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external web searches.
  • Ingestion points: Web search results (titles, snippets, and highlights) are retrieved from the Exa search engine via the mcp__Exa__web_search_exa tool.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when writing to or reading from the exa-digest.md file.
  • Capability inventory: The agent has access to Bash, Write, and CronCreate, which could be targeted if a search result contains malicious instructions that the agent follows during the summarization phase.
  • Sanitization: The skill performs basic slicing of text for summaries but does not sanitize or escape content for safety before storage or re-processing.
  • [COMMAND_EXECUTION]: The skill uses the Bash and Write tools to interact with the local filesystem and environment.
  • Evidence: The skill logic involves reading from .env and managing a digest file located at .claude/context/memory/named/exa-digest.md using standard file operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 04:49 PM