The Agent Skills Directory

[DATA_EXFILTRATION]: The skill performs network requests to official Kimi API endpoints (api.kimi.com) to search for information and fetch web page content. These operations are required for the skill's primary purpose and use established API services.
[INDIRECT_PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by ingesting data from arbitrary external URLs. 1. Ingestion points: scripts/kimi_fetch.py (via the --url argument) and scripts/kimi_search.py (when including content). 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the script logic. 3. Capability inventory: The scripts use the Python urllib library to perform network operations and return data to the agent context. 4. Sanitization: No content sanitization or validation is performed on the data retrieved from the Kimi API before it is printed.

kimi-tools