Exa Company Research

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward company-research skill that uses Exa search, with a small privacy consideration around optional local marketing context.

Before installing, confirm you trust the local Exa CLI helper and review any product-marketing context file for sensitive information. Avoid using confidential strategy or target details unless you are comfortable with related search terms being sent to Exa.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Low

Confidence: 92% confidence
Finding: The skill instructs the agent to read a local product-marketing context file before performing company web research, even though that file is outside the direct scope of the requested task. This creates unnecessary access to potentially sensitive local context and can influence the agent's output with unrelated internal data, increasing the risk of unintended disclosure or prompt-context contamination.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal