exa-search
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs users to install from
BenedictKing/exa-searchvianpx skills add. This source is not on the [TRUST-SCOPE-RULE] list of trusted GitHub organizations or repositories. Users should audit the repository contents before installation. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill's purpose is to perform semantic search and research. By design, it ingests untrusted data from the web via the Exa API. This creates a surface for indirect prompt injection if the search results contain malicious instructions targeting the AI agent's logic.
- [NO_CODE] (INFO): The provided input consists solely of a markdown documentation file. No executable scripts (.py, .js, .sh) or configuration files were included in the analysis package to verify runtime behavior.
Audit Metadata