exa-search
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled Python script (scripts/query.py) to communicate with the Exa MCP server. This script is responsible for listing tools and executing search or retrieval requests.
- [DATA_EXFILTRATION]: Network communication is established with mcp.exa.ai, a well-known service domain, to transmit search queries and retrieve page content. No unauthorized access to local sensitive files was detected.
- [CREDENTIALS_UNSAFE]: The skill correctly manages sensitive information by using environment variables for the EXA_API_KEY and providing a secure configuration link for the user.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by design, as it fetches and processes markdown content from the public web.
  - Ingestion points: External websites accessed via the web_fetch_exa tool.
  - Boundary markers: None identified in the script's output handling.
  - Capability inventory: The skill facilitates web search and content retrieval.
  - Sanitization: No filtering is applied to the fetched markdown before it is passed to the agent.
Audit Metadata