exa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scripts (scripts/search.sh and scripts/content.sh) explicitly call Exa's public APIs (https://api.exa.ai/search and /contents) to fetch and extract text from arbitrary public URLs and categories including tweets, personal sites, GitHub, and PDFs, so untrusted third-party content is read and can materially influence agent decisions.