exa
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The documentation instructs the agent to execute local bash scripts (scripts/search.sh, scripts/code.sh, and scripts/content.sh) to perform search and content extraction operations.
- [EXTERNAL_DOWNLOADS]: The skill interacts with the Exa AI API (exa.ai) to retrieve search results and web content. Exa is a well-known service for neural search.
- [PROMPT_INJECTION]: The skill processes untrusted external data, which introduces a surface for indirect prompt injection.
  1. Ingestion points: Web search results and content extracted from external URLs via scripts/content.sh.
  2. Boundary markers: The provided documentation does not specify the use of delimiters or 'ignore' instructions for the retrieved content.
  3. Capability inventory: Execution of local scripts to interact with the search API and fetch data.
  4. Sanitization: No sanitization or content filtering is mentioned in the provided documentation.
Audit Metadata