exa-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the agent using the Exa API (exa_search, exa_find_similar, exa_get_contents / exa_search_and_contents) to fetch and extract full text, highlights, and summaries from open web sources (news, arXiv, GitHub, personal sites, tweets, arbitrary URLs) and then ingest that content into workflows (knowledge bases, recommendations, trend analysis), meaning untrusted third-party content is read and can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's .codebuddy/mcp.json config instructs runtime execution of "npx -y @exa-labs/exa-mcp-server" (which fetches and runs code from the npm registry), so it fetches and executes remote code as a required runtime dependency.