kagi-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill calls the Kagi Search API and fetches/extracts arbitrary public webpage content (see SKILL.md options "--content" and "content " and main.go functions fetchPageContent / runContent), so untrusted third-party pages are ingested and returned to the agent as part of normal workflow and could contain instructions that influence subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The wrapper script downloads and executes a pre-built binary at runtime from the GitHub releases URL (e.g. https://github.com/joelazar/kagi-skills/releases/download/${TAG}/${BINARY}, queried via https://api.github.com/repos/joelazar/kagi-skills/releases/latest), which fetches remote executable code that is then run—this meets the criteria for a high-risk external dependency.