exa
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the vendor's command-line tool (`@membranehq/cli`) globally via NPM to handle integration logic and authentication.
- [COMMAND_EXECUTION]: The skill utilizes the `membrane` CLI to execute various operations, including authentication, connection management, and the execution of pre-built or dynamically created actions.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its core functionality of ingesting and processing data from external web sources via Exa.
  - Ingestion points: Data returned from `membrane action run` (such as search results and web page content) enters the agent's context (SKILL.md).
  - Boundary markers: Absent; the instructions do not provide delimiters or warnings to treat external data as untrusted.
  - Capability inventory: Includes shell command execution, dynamic action creation, and network-enabled actions via the Membrane platform.
  - Sanitization: Absent; content fetched from external sources is processed without validation or filtering.
Audit Metadata