tavily

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly sends queries and arbitrary URLs to the Tavily API (see scripts/search.mjs calling https://api.tavily.com/search and scripts/extract.mjs calling https://api.tavily.com/extract, and the SKILL.md "Extract content from URL" note) and returns AI-generated answers and raw web page content from public sites that the agent prints and would read/act on, which exposes it to untrusted third-party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls Tavily's runtime API endpoints (https://api.tavily.com/search and https://api.tavily.com/extract) and prints the API's returned "answer" and extracted content directly into agent output, meaning remote content fetched at runtime can directly control prompts or instructions and is a required dependency (TAVILY_API_KEY).