exa-lead-gen

Warn

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The architecture describes a 'Python CSV compiler' in Step 5 that reads JSON data, removes duplicates, and sorts the output. This indicates that the agent will generate and execute Python code locally to perform these data manipulation tasks.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it ingests and processes large volumes of untrusted data retrieved from the web via the Exa search tool. Maliciously crafted content on target websites could influence the behavior of subagents or the CSV compilation process.
  • Ingestion points: Data returned by the exa-deep__deep_search_exa tool, specifically company descriptions, signals, and news.
  • Boundary markers: None explicitly defined to separate untrusted search results from agent instructions.
  • Capability inventory: Local Python script execution (CSV compiler) and file system write access for outputting CSV files.
  • Sanitization: No explicit sanitization or validation of the search results is mentioned before they are processed by the LLM or compiled into the CSV.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 22, 2026, 04:54 AM
Security Audit — agent-trust-hub — exa-lead-gen