kagi-search
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from web search results, creating a surface for indirect prompt injection.\n- Ingestion points: Web search results (titles and snippets) from the Kagi Search API.\n- Boundary markers: Uses visual delimiters like '---' and '===' in the output format to separate search results.\n- Capability inventory: Executes a Python script and accesses environment variables.\n- Sanitization: No sanitization of ingested search results is described in the documentation.\n- [COMMAND_EXECUTION]: The setup instructions include system modifications for script execution and configuration persistence.\n- Evidence: Directs the user to use 'chmod +x' to make the Python script executable.\n- Persistence: Recommends adding 'export KAGI_API_KEY' to shell initialization files (~/.bashrc or ~/.zshrc) for environment variable persistence.
Audit Metadata