exa-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill (SKILL.md) and accompanying scripts (scripts/exa_search.py and scripts/exa_contents.py) explicitly call Exa's public Search and Contents APIs (POST https://api.exa.ai/search and /contents) to fetch highlights, full text, and summaries from arbitrary public webpages/URLs (user-provided domains/queries), which the agent ingests and uses to select sources, extract quotes, and drive follow-up actions—exposing it to untrusted third-party content that could carry indirect prompt injection.