exa-web-search-free
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill integrates with Exa AI using official configuration URLs (https://mcp.exa.ai/mcp). These are standard endpoints for the Exa search service, a well-known tool for LLM-based web retrieval.
- [SAFE]: External references point to legitimate infrastructure, including the official Exa Labs GitHub repository (exa-labs/exa-mcp-server) and the verified npm package (exa-mcp-server).
- [SAFE]: There are no hardcoded credentials, malicious scripts, or obfuscated code patterns. The skill follows best practices by guiding the user to configure the MCP server dynamically rather than embedding sensitive keys.
- [SAFE]: The skill exhibits an indirect prompt injection surface by processing external web content and code documentation. This risk is documented and is an inherent feature of search-based AI skills, where the agent is expected to summarize untrusted third-party data.
Audit Metadata