kimi-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and scripts (scripts/kimi_fetch.py and scripts/kimi_search.py with enable_page_crawling) explicitly fetch and ingest page content from arbitrary public URLs via the Kimi /fetch and /search APIs, meaning untrusted, user-generated web content is read and can influence the agent's processing and actions.