searching-with-exa

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions refer to the 'Exa MCP Server' and 'gemini CLI' (via searching-web) as external tools for search operations. These are documented as standard search utilities and do not involve direct script execution from untrusted sources within the analyzed files.
  • [PROMPT_INJECTION]: The skill body and instructions were analyzed for bypass markers or jailbreak attempts. No patterns of direct prompt injection or instructions to override safety filters were found.
  • [DATA_EXFILTRATION]: While the skill includes tools like crawling_exa for content retrieval from URLs and web_search_advanced_exa for general search, these are standard functionalities for a search-oriented skill. No evidence of hardcoded credentials or unauthorized data transmission was detected.
  • [COMMAND_EXECUTION]: The instructions demonstrate tool-call patterns for an MCP server. No dangerous system commands, privilege escalation attempts (sudo), or unauthorized file system modifications were observed.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest external data from the web (search results, crawled pages, and code snippets).
      • Ingestion points: Data enters the agent context through search results from web_search_advanced_exa, get_code_context_exa, and direct page content via crawling_exa (referenced in INSTRUCTIONS.md).
      • Boundary markers: The provided examples do not explicitly define boundary markers or 'ignore embedded instructions' prompts for handling the retrieved content.
      • Capability inventory: The skill can search the web, crawl specific URLs, and delegate tasks to a sub-agent using a Task() function.
      • Sanitization: No explicit sanitization or filtering logic for untrusted web content is described in the markdown files.
      • Note: As per standard analysis rules, this category indicates a potential attack surface inherent to search skills, but does not indicate a specific finding of high severity.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 02:12 PM