tavily-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's tavily tools (see SKILL.md) and command-line scripts (e.g., scripts/extract.mjs, scripts/crawl.mjs, scripts/search.mjs, scripts/research.mjs) explicitly fetch and ingest raw_content and search results from arbitrary public URLs/sites via the Tavily API, which the agent is expected to read and can materially influence subsequent actions.