exa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly integrates with Exa (a web search engine) and shows Membrane actions such as "search" and "get-contents" and examples using membrane action run to fetch web content for the agent to read and act on (see "Exa Overview", "Searching for actions", and "Popular actions / Get Contents"), which clearly exposes the agent to untrusted public web content that could carry indirect prompt-injection.