kagi-enrich
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads pre-built binaries and checksum files from the author's official GitHub repository (github.com/joelazar/kagi-skills) when a compatible Go environment is not available for local compilation.
- [COMMAND_EXECUTION]: A shell wrapper script is used to determine the execution path, verify binary integrity using shasum, and execute the final Go binary.
- [DATA_EXFILTRATION]: Search queries and the KAGI_API_KEY are transmitted to Kagi's official API endpoints (kagi.com) to provide the search functionality.
- [PROMPT_INJECTION]: The skill processes untrusted web content (titles and snippets), which presents a surface for indirect prompt injection.
  - Ingestion points: Results from the Kagi API in main.go.
  - Boundary markers: Results are delimited by text headers.
  - Capability inventory: Subprocess execution via the wrapper script and network access via the Go binary.
  - Sanitization: HTML unescaping is performed, but no filtering for instructional injection patterns is applied.
Audit Metadata