exa-search

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows secure patterns for API integration.
  • Authentication: Uses environment variables ("$EXA_API_KEY") rather than hardcoded secrets.
  • Communication: Interacts with official endpoints ("https://api.exa.ai") to perform searches.
  • Functionality: Provides standard cURL examples consistent with its stated purpose as a search integration skill.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its core function of ingesting web content.
  • Ingestion points: Web search results, highlights, and summaries returned from the "POST https://api.exa.ai/search" endpoint (SKILL.md).
  • Boundary markers: No explicit markers are used in the provided cURL examples to delimit search results from agent instructions.
  • Capability inventory: The skill allows for the retrieval of full page text and structured data, which an agent may process to influence its next steps.
  • Sanitization: No sanitization of the external web content is specified in the skill's instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 02:12 AM
Security Audit — agent-trust-hub — exa-search