exa-people-research
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted external data retrieved from web searches.
- Ingestion points: Data enters the agent context through the
exa-search__web_search_advanced_exatool results and thebrowsertool output (SKILL.md). - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the guidelines for handling search results.
- Capability inventory: The skill utilizes a search tool and suggests the use of a browser tool with active sessions for accessing auth-gated profiles.
- Sanitization: The instructions do not specify any validation, filtering, or sanitization of the content retrieved from external websites.
Audit Metadata