exa-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scripts (e.g., scripts/exa_search.py, scripts/exa_contents.py, and scripts/exa_research.py) explicitly fetch and ingest content from arbitrary public URLs and web search results via Exa's /search, /contents, and /answer endpoints (including livecrawl, RAG context, and highlights), and then use that content to build context and synthesize answers—so untrusted third‑party content can directly influence agent reasoning and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's scripts make runtime calls to Exa's API (https://api.exa.ai — e.g. /contents, /search, /answer, /research/v1) to fetch web page content and context strings that are intended to be injected into RAG/model prompts, meaning remote content can directly influence agent prompts and the API is a required runtime dependency.