ultimate-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs live web searches and page scrapes—e.g., scripts/grok-search.sh (calls grok2api → Grok web), scripts/tavily-search.sh and scripts/web-map.sh (call TavilyProxyManager → Tavily), and scripts/web-fetch.sh (Tavily Extract → FireCrawl)—and SKILL.md requires the agent to read and act on those results for decisions and cross‑validation, so arbitrary third‑party web content can materially influence the agent.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill exposes a runtime facility (web-fetch.sh / web-map.sh) that fetches arbitrary external pages via the Tavily extract endpoint (POST $TAVILY_API_URL/extract — e.g. http://127.0.0.1:8200/extract which proxies to https://api.tavily.com) and falls back to the FireCrawl scraping API (https://api.firecrawl.dev/v2/scrape), and those fetched raw page contents are returned for the agent to ingest—meaning remote-hosted prompt/instruction files could be fetched at runtime and directly influence the agent's behavior.