exa-unified-research
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to improve web research capabilities by routing queries through the Exa search engine. It provides detailed reference files for various research domains (e.g., academic papers, financial filings, social media sentiment) and establishes clear rules for tool selection and parameter tuning. While the skill instructs the agent to prefer these tools over built-in search functions for specific tasks, this is presented as a functional optimization rather than a malicious attempt to bypass safety protocols or ignore system instructions.
- [INDIRECT_PROMPT_INJECTION]: As a web research and retrieval tool, the skill naturally ingests untrusted data from external websites via tools like
web_fetch_exa. - Ingestion points: Data enters the context through
web_search_exa,web_search_advanced_exa, andweb_fetch_exa(referenced across all markdown files). - Boundary markers: The instructions do not explicitly mandate the use of XML delimiters or specific boundary markers when processing retrieved content, although they do advise on distilling and summarizing the output.
- Capability inventory: The skill does not possess dangerous capabilities such as local file writing, subprocess execution, or privilege escalation.
- Sanitization: There is no explicit requirement for the agent to sanitize or escape retrieved content before interpolation into its response. This is a common surface for indirect prompt injection in research tools and is mitigated by the agent's internal safety filters.
Audit Metadata