exa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scripts (scripts/search.sh and scripts/content.sh) call Exa's public APIs (https://api.exa.ai/search and https://api.exa.ai/contents) to fetch/search and extract full text from arbitrary public URLs and categories like tweets, personal sites, and GitHub, meaning the agent ingests untrusted third-party/user-generated web content that could influence its decisions.