exa-search
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions proactively mitigate security risks by explicitly forbidding the agent from using shell tools like Bash or file system commands (Read/Write) to process untrusted web content, mandating the use of specific search and fetch tools instead.
- [COMMAND_EXECUTION]: The skill makes use of an external MCP server (mcp.exa.ai) and includes logic to write research results to the local filesystem (./exa-results/). These actions are clearly defined as part of the skill's reporting functionality.
- [PROMPT_INJECTION]: The skill processes untrusted web data, which is an inherent surface for indirect prompt injection. This risk is managed through detailed instructions for AI-driven filtering, source quality assessment, and a restricted toolset for subagents.
- Ingestion points: Retrieves search snippets and full-page content via the Exa API tools.
- Boundary markers: Uses task-specific prompts for subagents but lacks explicit XML-style markers or 'ignore' wrappers for retrieved data.
- Capability inventory: Authorized for web searches, page fetches, and local report writing.
- Sanitization: Employs systematic thematic clustering and quality evaluation rules to minimize the impact of unreliable or malicious content.
Audit Metadata