exa-search
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `uv run --with exa-py` to execute its scripts, which involves downloading the official `exa-py` package from a standard registry. This is a secure method for managing dependencies for a well-known service.
- [SAFE]: Authentication is handled correctly via the `EXA_API_KEY` environment variable. The skill includes guidance on using `.env` files for local secret management, which is a recommended practice.
- [SAFE]: Network activity is limited to the legitimate Exa API endpoints for search and extraction, fulfilling the skill's stated purpose without suspicious data exfiltration.
- [SAFE]: While the skill ingests content from external web pages, it provides the agent with structured instructions to parse the output and synthesize responses with citations, reducing risks associated with untrusted data.
- [SAFE]: The instruction templates use standard shell command patterns with placeholders for user arguments. There are no patterns suggesting malicious command injection or dynamic execution from untrusted sources.
Audit Metadata