exa-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). The skill’s required runtime workflow uses Exa MCP tools like web_search_exa/get_code_context_exa and especially crawling_exa(url) to fetch and extract arbitrary public web page text (outsider-authored free-form content) into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's MCP configuration requires running "npx exa-mcp-server" which fetches and executes remote code from the npm package (e.g. https://www.npmjs.com/package/exa-mcp-server), so it relies on a runtime-executed external dependency that can control agent behavior.