exa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). Outsider-authored free text can be ingested because scripts/search.sh/scripts/code.sh/scripts/content.sh call Exa endpoints (/search and /contents) with user-supplied queries/URLs and request text: true, so Exa returns scraped web content that the agent would place into the LLM context.