exa
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted content retrieved from the web, creating a surface for indirect prompt injection.\n
- Ingestion points:
scripts/exa.pyretrieves content from the Exa AI API search, contents, and context endpoints.\n - Boundary markers: Absent. Content is printed directly to stdout as raw text or JSON.\n
- Capability inventory: Script allows web searching and content extraction; does not possess high-risk command execution or privilege escalation capabilities.\n
- Sanitization: None performed on retrieved web content before presentation to the agent.\n- [Data Exposure & Exfiltration] (LOW): The script performs network operations to
api.exa.ai. While this is the intended service for the skill, the domain is not on the pre-approved whitelist. No hardcoded credentials or access to sensitive local system files (e.g., SSH keys, cloud credentials) were detected.
Audit Metadata