exa-search

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface area for indirect prompt injection because its core function is to fetch and process untrusted data from the web.
      • Ingestion points: External data is ingested through scripts/exa_search.py and scripts/exa_extract.py using the Exa API.
      • Boundary markers: The agent instructions in references/web-search.md and references/web-extract.md do not currently specify the use of clear delimiters (like XML tags) or provide explicit warnings for the agent to ignore instructions embedded within the retrieved content.
      • Capability inventory: The agent has the capability to execute shell commands (via uv run) and write files to the local system.
      • Sanitization: There is no specific logic to sanitize or filter the fetched HTML/text content for potentially malicious instructions before presenting it to the agent.
  • [CREDENTIALS_UNSAFE]: The skill correctly handles sensitive information by instructing users to store the EXA_API_KEY in environment variables or a .env file, which is a standard and recommended security practice.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 05:13 AM