exa-financial-report-search
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script scripts/financial_report_search.py to perform financial searches via the Exa API.
- [SAFE]: The skill handles an EXA_API_KEY. It correctly instructs users to manage this secret via environment variables or a .env file, which is a secure practice.
- [COMMAND_EXECUTION]: The script scripts/financial_report_search.py dynamically calculates and modifies sys.path to load dependencies from a local _shared directory. This is a standard pattern for code sharing within the vendor's repository.
- [PROMPT_INJECTION]: The skill processes user-supplied search queries, which represents an indirect prompt injection surface.
  - Ingestion points: Search query arguments passed to scripts/financial_report_search.py.
  - Boundary markers: No explicit delimiters or instructions are used to isolate user-provided queries within the script.
  - Capability inventory: The skill performs network operations to the Exa API.
  - Sanitization: No explicit sanitization of the query string is performed in the wrapper script.
Audit Metadata