web-search-exa

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill provides instructions for the agent to read the api_key and api_base from ~/.gooseworks/credentials.json. While this file is a sensitive credential store, the access is required for the skill to authenticate with its own backing service.
  • [COMMAND_EXECUTION]: The skill utilizes python3 -c to extract configuration values and curl to interact with the Exa API. These are standard operations for tool initialization and execution within the agent's environment.
  • [EXTERNAL_DOWNLOADS]: The skill fetches external web data, search results, and page summaries from exa.ai and gooseworks.ai to fulfill user requests. These network operations are consistent with the skill's purpose as a search tool.
  • [PROMPT_INJECTION]: The skill processes untrusted content from the web, creating an indirect prompt injection surface.
  • Ingestion points: External search results, extracted page contents, and synthesized summaries.
  • Boundary markers: No explicit boundary markers or "ignore embedded instructions" warnings are provided in the prompts.
  • Capability inventory: The skill allows shell command execution via curl and environment variable manipulation via export.
  • Sanitization: No evidence of content sanitization or filtering of external data before it enters the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — web-search-exa