exa
Fail
Audited by Snyk on Mar 23, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt shows and instructs using a command that sets an API token directly on the command line (exa-cli auth set "your-token"), which requires embedding the secret verbatim in commands/outputs and therefore risks exfiltration.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using exa-cli to search the web and fetch page contents (e.g., exa-cli search query, exa-cli contents get --urls, exa-cli answer query), which ingest arbitrary public web pages and search results that the agent reads and uses to generate answers, exposing it to untrusted third‑party content that could carry indirect prompt injections.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The setup includes a runtime command that fetches and executes remote code (curl -fsSL https://bun.sh/install | bash), which runs remote code required to install the CLI.
Issues (3)
- HIGH W007: Insecure credential handling detected in skill instructions.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).