exa-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly supports and documents passing an API key as a command-line flag or appending it to the request URL (e.g., ?exaApiKey=...), which would require the agent/LLM to insert the secret verbatim into generated commands/requests, creating an exfiltration risk (even though an env-var option exists).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill (SKILL.md and scripts/search.mjs) POSTs to the external Exa MCP endpoint (https://mcp.exa.ai/mcp) to run web_search_exa and parses result.content[].text from the streaming response, thereby ingesting untrusted public web search results that could contain instructions which influence subsequent agent behavior.