exa-search
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill introduces a vulnerability surface for indirect prompt injection by retrieving untrusted data from the internet.\n
- Ingestion points: Web data is ingested into the agent's context via
scripts/exa_search.py,scripts/exa_contents.py,scripts/exa_research.py,scripts/exa_research_async.py, andscripts/exa_similar.py.\n - Boundary markers: The scripts do not automatically include delimiters or specific instructions for the agent to isolate or ignore potentially malicious content within the fetched data.\n
- Capability inventory: The skill enables network communication with the Exa AI API (
api.exa.ai) using therequestslibrary. No dangerous capabilities such as local file writing or arbitrary command execution were found.\n - Sanitization: No sanitization is performed on the content retrieved from the web before it is passed to the agent.
Audit Metadata