Skills
skills/marcioaltoe/skills/exa-web-search-free/Gen Agent Trust Hub

exa-web-search-free

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill connects to the official Exa MCP server hosted at mcp.exa.ai to process search requests and retrieve information from the web.
  • [COMMAND_EXECUTION]: Instructions involve using the mcporter CLI to configure the search environment and execute tool calls for web and code search.
  • [PROMPT_INJECTION]: Like any tool that retrieves data from the open web, this skill presents an indirect prompt injection surface where content from search results could potentially contain instructions intended to influence the AI.
  • Ingestion points: External data enters the agent context via search results in web_search_exa, code context in get_code_context_exa, and web page content in crawling_exa.
  • Boundary markers: No specific delimiters or "ignore" instructions are used to wrap search results in the provided examples.
  • Capability inventory: The skill utilizes the mcporter tool to interact with remote search capabilities.
  • Sanitization: No explicit sanitization or filtering of the retrieved web content is performed before it is presented to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 02:06 AM
Security Audit — agent-trust-hub — exa-web-search-free