exa-search
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The installation command
npx skills add -g BenedictKing/exa-searchdownloads and executes code from a repository belonging to an untrusted GitHub user (BenedictKing). Per the safety policy, only specific organizations like OpenAI, Anthropic, or Google are considered trusted by default. Any third-party installation carries the risk of executing malicious code if the repository is compromised or created with malicious intent. - Indirect Prompt Injection (LOW):
- Ingestion points: The skill performs semantic searches and retrieves content via the Exa API, which serves as an entry point for untrusted external data.
- Boundary markers: None specified in the documentation. There are no explicit instructions to the agent to ignore potentially malicious prompts embedded in the search results.
- Capability inventory: The skill is designed to find and process similar content and research papers, which can be interpreted by the LLM.
- Sanitization: The documentation does not specify any sanitization or filtering of the search results before they are presented to the agent, creating a surface for indirect prompt injection attacks.
Audit Metadata