exa-plus

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly sends queries to and retrieves page contents from the open web via Exa's APIs (scripts/search.sh calls https://api.exa.ai/search for news/people/github/tweet results and scripts/content.sh posts user-provided URLs to https://api.exa.ai/contents to extract full text), meaning it ingests untrusted, user-generated third-party content that could contain indirect prompt injection.