ultimate-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to perform live web searches and fetch arbitrary public URLs (e.g., scripts/web-fetch.sh calling Tavily Extract and FireCrawl, scripts/tavily-search.sh and scripts/web-map.sh, and SKILL.md/README directing the agent to use these tools), so the agent ingests untrusted third‑party web content that can directly influence its decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's web-fetch flow fetches arbitrary external webpages at runtime (e.g. https://docs.python.org/3/whatsnew/3.13.html) via the Tavily proxy and can fall back to the external FireCrawl API (https://api.firecrawl.dev/v2/scrape), and the fetched Markdown/raw content is injected into the agent's outputs/context—meaning remote page content can directly influence agent prompts/instructions.