tavily-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls and ingests content from arbitrary public web sources via search/extract/crawl/map/research (see SKILL.md quick reference and references/crawl.md, references/extract.md, references/research.md) and shows agent workflows that read those results and synthesize actions/summaries, so untrusted third‑party content can materially influence tool decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The Google ADK integration explicitly configures an MCPToolset with url="https://mcp.tavily.com/mcp/", which is contacted at runtime to provide tool responses and drive agent behavior (i.e., remote tool execution that can influence prompts/instructions), so this runtime endpoint is a risky external dependency.