mcp-exa-search

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs are high-risk because they direct you to run a remote install.sh hosted in an unfamiliar GitHub repo (direct .sh downloads / curl|sh are a common malware vector) and reference an unfamiliar service domain (mcp.exa.ai) that could serve executables or tool manifests.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly exposes tools webSearchExa and getCodeContextExa that search the open web (and sources like GitHub and Stack Overflow) and "return clean, ready-to-use content" for the LLM, so untrusted third-party content is ingested and can influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes the remote MCP endpoint https://mcp.exa.ai/mcp at runtime (via mh invoke -u https://mcp.exa.ai/mcp), and that service returns content (tool outputs) that the agent incorporates as model input/instructions, so the external URL directly controls prompts and is a required runtime dependency.