tavily-best-practices

Fail

Audited by Snyk on Feb 26, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed API keys directly (Authorization: Bearer tvly-YOUR_API_KEY and client constructors with "tvly-YOUR_API_KEY"), which encourages placing secrets verbatim into generated code/commands and risks secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's documentation and workflow (SKILL.md plus references/api-extract.md and references/api-crawl.md) describe using the Tavily Search/Extract/Crawl/Map/Research APIs to fetch and ingest arbitrary public URLs (returning raw_content, chunks, and honoring natural-language "instructions"), so untrusted third-party web content can be read and directly influence agent decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly configures a remote MCP server at https://mcp.tavily.com/mcp/?tavilyApiKey=tvly-YOUR_API_KEY which is contacted at agent runtime to provide Model Context Protocol data and default parameters (e.g., searchDepth) that directly influence agent prompts/behavior.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 26, 2026, 12:26 AM