exa-search
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows secure patterns for API integration.
- Authentication: Uses environment variables ("$EXA_API_KEY") rather than hardcoded secrets.
- Communication: Interacts with official endpoints ("https://api.exa.ai") to perform searches.
- Functionality: Provides standard cURL examples consistent with its stated purpose as a search integration skill.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its core function of ingesting web content.
- Ingestion points: Web search results, highlights, and summaries returned from the "POST https://api.exa.ai/search" endpoint (SKILL.md).
- Boundary markers: No explicit markers are used in the provided cURL examples to delimit search results from agent instructions.
- Capability inventory: The skill allows for the retrieval of full page text and structured data, which an agent may process to influence its next steps.
- Sanitization: No sanitization of the external web content is specified in the skill's instructions.
Audit Metadata