kagi
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation references the use of Kagi session tokens and API keys but provides instructions for secure handling through environment variables or local configuration files, avoiding any hardcoded secrets or sensitive data exposure.
- [COMMAND_EXECUTION]: The skill uses the
kagiCLI tool to perform search, extraction, and assistant tasks. This command execution is consistent with the primary purpose of providing a terminal-based interface for Kagi services. - [PROMPT_INJECTION]: The skill retrieves and processes external content via search and extraction, which creates a surface for indirect prompt injection. This is inherent to the skill's purpose as a research tool.
- Ingestion points: Untrusted data enters the context through
kagi search,kagi extract,kagi news, andkagi summarizecommands (SKILL.md). - Boundary markers: The skill suggests using
--format toon(compact structured data) for LLM context, which assists in maintaining data boundaries. - Capability inventory: The skill uses the
kagiCLI for network-based search, summarization, and account management (SKILL.md). - Sanitization: No specific content sanitization or filtering logic is described in the markdown instructions.
Audit Metadata