kagi-search
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of a pre-built binary from the author's official GitHub repository (github.com/joelazar/kagi-skills). This action is accompanied by a user confirmation prompt and a cryptographic checksum verification (SHA-256) to ensure file integrity.
- [COMMAND_EXECUTION]: The shell wrapper script (kagi-search.sh) manages the execution environment, performing 'go build' if a Go toolchain is detected locally and executing the compiled binary to process searches.
- [SAFE]: The Go source code (main.go) implements industry-standard security practices for web content extraction. Specifically, it uses a custom HTTP client with IP-level validation to block SSRF (Server-Side Request Forgery) attacks by preventing connections to private, loopback, and link-local IP addresses. Additionally, API credentials are managed securely via environment variables, and local caches are restricted with appropriate file permissions (0600).
Audit Metadata