kimi-tools
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because its primary function involves processing untrusted content from external websites and search results.
  - Ingestion points: Data enters the agent context through scripts/kimi_fetch.py (external web content) and scripts/kimi_search.py (external search results).
  - Boundary markers: The scripts output data in JSON format, which provides structural separation, though no explicit delimiters are added to instruct the agent to ignore embedded commands within retrieved text.
  - Capability inventory: The tools are restricted to making authenticated HTTP POST requests to the Kimi API; they do not perform shell execution or local file system modifications.
  - Sanitization: External content is passed directly from the API response to the agent without filtering.
- [EXTERNAL_DOWNLOADS]: The skill communicates with api.kimi.com (Moonshot AI), a well-known service provider, to perform search and content fetching. This network activity is consistent with the skill's stated purpose and uses standard, secure methods.