tavily-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md defines tavily_search and tavily_extract which fetch and extract content from arbitrary public web URLs and search results (news/public websites) and instructs the agent to read and use those results to form claims/citations, exposing it to untrusted third‑party content that could contain indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The tavily_extract tool explicitly fetches arbitrary web URLs at runtime and injects the extracted page content into the agent's context (i.e., URLs passed to tavily_extract), which can directly control prompts or carry prompt-injection instructions.