Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/exa-debug-bundle/Gen Agent Trust Hub

exa-debug-bundle

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill accesses sensitive local files such as .env and npm log files (~/.npm/_logs/*.log) to collect diagnostic data.
  • Evidence: The script uses cat .env 2>/dev/null | sed 's/=.*/=***REDACTED***/' to ensure that values assigned to keys in the .env file are removed before being added to the debug bundle.
  • Evidence: The script uses echo "EXA_API_KEY: ${EXA_API_KEY:+[SET]}" which only reports whether the key is set without revealing its content.
  • [COMMAND_EXECUTION]: The skill utilizes Bash to create directories, perform file redaction, package archives using tar, and execute network health checks.
  • [EXTERNAL_DOWNLOADS]: The skill performs a network connectivity test to https://api.exa.com/health. This is the official API endpoint for the service and is used solely for health checking purposes.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 02:12 PM
Security Audit — agent-trust-hub — exa-debug-bundle