gemini-tavily-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly performs web searches against public providers (Gemini with google_search grounding in scripts/gemini_tavily_search.sh, which extracts grounding_chunks.web.uri and snippets in normalize_gemini_to_tavilyish_json, and Tavily via scripts/tavily_search.sh calling https://mcp.tavily.com/mcp), returns untrusted public webpage results/snippets to the agent, and the agent is expected to read and base its answers on that content — creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The tavily OAuth fallback runs npx -y mcp-remote https://mcp.tavily.com/mcp at runtime, which downloads and executes remote npm package code (remote code execution risk) while using the https://mcp.tavily.com/mcp endpoint—this is a clear runtime fetch-and-execute external dependency.