exa-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md (see "Exa AI-Powered Web Search" description and Step 3: Execute Search / get-contents using tools/exa_search.py with the exa-py SDK) explicitly performs broad web searches and extracts content from arbitrary public URLs (blogs, docs, news, personal sites), and that extracted untrusted content is read and used to present results and drive follow-up actions, so it could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs the helper to fetch arbitrary external pages at runtime (e.g., python3 "$SCRIPT" get-contents "URL1" "URL2" --content text), and that fetched page content is injected into the agent/LLM flow for extraction and summarization, meaning user-supplied remote URLs can directly control prompts and outputs.