tavily-crawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly crawls arbitrary public URLs (see SKILL.md Quick Start and API Reference calling https://api.tavily.com/crawl and scripts/crawl.sh), returns raw_content/chunks from those pages, and recommends feeding those results into LLM context for "agentic use," meaning untrusted third‑party web content can influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs remote operations at runtime—notably invoking "npx -y mcp-remote https://mcp.tavily.com/mcp" which fetches and executes remote code and also posts to "https://mcp.tavily.com/mcp" to obtain crawl results that are injected into the agent/context—so the mcp.tavily.com endpoint is a runtime external dependency that can execute code or control agent inputs.