exa-financial-report-search

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script scripts/financial_report_search.py to perform financial searches via the Exa API.
  • [SAFE]: The skill handles an EXA_API_KEY. It correctly instructs users to manage this secret via environment variables or a .env file, which is a secure practice.
  • [COMMAND_EXECUTION]: The script scripts/financial_report_search.py dynamically calculates and modifies sys.path to load dependencies from a local _shared directory. This is a standard pattern for code sharing within the vendor's repository.
  • [PROMPT_INJECTION]: The skill processes user-supplied search queries, which represents an indirect prompt injection surface. Ingestion points: Search query arguments passed to scripts/financial_report_search.py. Boundary markers: No explicit delimiters or instructions are used to isolate user-provided queries within the script. Capability inventory: The skill performs network operations to the Exa API. Sanitization: No explicit sanitization of the query string is performed in the wrapper script.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:52 PM
Security Audit — agent-trust-hub — exa-financial-report-search