Skills
skills/sickn33/antigravity-awesome-skills/exa-search/Gen Agent Trust Hub

exa-search

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill specifies installation via 'npx skills add -g BenedictKing/exa-search', which downloads code from a third-party GitHub repository.
  • [REMOTE_CODE_EXECUTION]: Installing and running code from an external, community-maintained repository involves executing remote logic that is not verifiable from the skill definition.
  • [PROMPT_INJECTION]: The skill ingests untrusted search results and content summaries from the Exa API, which may contain adversarial instructions.
  • Ingestion points: External web content and semantic embeddings retrieved from the Exa API (SKILL.md).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill instructions.
  • Capability inventory: Semantic search, similar content discovery, and structured data retrieval from external sources.
  • Sanitization: The instructions do not mention sanitization, filtering, or validation of the content retrieved from the Exa API.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 14, 2026, 06:31 PM