kagi-fastgpt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly sends queries to Kagi's FastGPT API (main.go: callFastGPT posts to https://kagi.com/api/v0/fastgpt and SKILL.md describes "runs a full web search under the hood"), which synthesizes answers from live web pages and returns cited references, so the agent consumes and acts on untrusted third‑party web content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The wrapper script can, at runtime, fetch and execute a pre-built binary from the project's GitHub releases (it queries https://api.github.com/repos/joelazar/kagi-skills/releases/latest and downloads from https://github.com/joelazar/kagi-skills/releases/download/${TAG}/${BINARY}), which means remote code is retrieved and executed as a required dependency.