kagi-search

Warn

Audited by Snyk on Mar 22, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill performs web searches via the Kagi Search API (see API_BASE "https://kagi.com/api/v0/search" in scripts/kagi-search.py and the SKILL.md description). It ingests titles, snippets and URLs from arbitrary public websites and search results (untrusted third-party content) and formats and displays them for use, so those external pages could indirectly inject instructions that influence the agent's next actions.


Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 22, 2026, 01:28 AM
Issues: 1