kagi-session2api-mcp-server

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly exposes the agent to open web content via the kagi_search_fetch and kagi_summarizer tools (e.g., "Search for ..." and "Summarize https://example.com/long-article", Research Assistant Pattern summarizing arXiv pages), so the agent will fetch and read arbitrary public URLs and search results that could contain untrusted, user-generated instructions influencing its actions.