A
92/100 First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
1
Score
92/100
MEDIUM 1
Findings (1)
MEDIUM
External API response drives agent behavior
L8 Detects skills where external API responses control agent decisions or actions
call Kagi’s API + based on the return FIX
Do not include content from MCP tool responses verbatim in system prompts or tool descriptions. Sanitize all dynamic content before incorporating it into prompt context.
FP?
Likely FP if the match is a static tool description that mentions dynamic content handling in its documentation, not an actual injection vector.