kagi-summarizer
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The shell wrapper
kagi-summarizer.shdownloads a pre-built binary from the author's GitHub repository (github.com/joelazar/kagi-skills) if a local Go environment is not available for compilation. This download is verified against a checksum provided in the release. - [COMMAND_EXECUTION]: The skill executes the compiled binary
kagi-summarizerto handle API communication and data processing. - [DATA_EXFILTRATION]: Content from user-provided URLs or raw text is transmitted to
kagi.com. This is necessary for the summarization service and is clearly documented. - [INDIRECT_PROMPT_INJECTION]: The skill processes content from external URLs or user-supplied text.
- Ingestion points: Content is ingested via CLI arguments or standard input in
main.go. - Boundary markers: None identified; the text is passed as a JSON field to the summarizer API.
- Capability inventory: The skill's output is limited to printing the API-generated summary to standard output; it does not execute the resulting text.
- Sanitization: No content sanitization is performed prior to sending data to the Kagi API.
Audit Metadata