exa-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow can fetch and ingest outsider-authored public web content via web_search_exa/web_fetch_exa (search results and full page text from arbitrary URLs), which then gets summarized and compiled into the agent’s LLM context—an indirect prompt-injection risk.