exa
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to api.exa.ai to perform neural searches and retrieve webpage content. Exa is a well-known AI service and this connection is required for the skill functionality.\n- [DATA_EXFILTRATION]: User search queries and the EXA_API_KEY are transmitted to Exa AI via POST requests. This is standard operation for the search tool and does not involve sensitive local file access.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes untrusted data from arbitrary websites via search results.\n
- Ingestion points: Data enters the agent context through the outputs of scripts/search.sh, scripts/code.sh, and scripts/content.sh.\n
- Boundary markers: The output from the Exa API is not wrapped in specific delimiters or instructions to ignore embedded commands.\n
- Capability inventory: The skill uses curl for network communication and jq for JSON manipulation; it does not possess file-writing or code-execution capabilities.\n
- Sanitization: Web content is retrieved and passed to the agent without filtering or sanitization of potentially malicious instructions.
Audit Metadata