tavily-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls Tavily's web search API to fetch public web content (see SKILL.md examples and the scripts/search.sh flow) and can return raw page content via the "include_raw_content" option and the response "content"/"structuredContent" fields, so untrusted third-party webpages could be ingested and influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes npx -y mcp-remote and makes runtime requests to https://mcp.tavily.com/mcp (via curl and the npx-launched helper) which causes remote code to be fetched/executed and returns JSON/SSE content that is injected into the agent's output, so https://mcp.tavily.com/mcp is a runtime external dependency that can directly drive behavior.