research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and the bundled script scripts/tavily-cli.ts explicitly call Tavily's web search API (https://api.tavily.com/search) to fetch results and optional raw page content from public websites (via --raw, include/exclude domain options), and the workflow instructs the agent to read and synthesize those third-party sources to inform decisions, so untrusted web content can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The bundled CLI calls https://api.tavily.com/search at runtime (using the TAVILY_API_KEY) and returns AI-generated "answer" and raw page content (via --raw/--json) that can be injected into model context and thus directly influence prompts/outputs, and the skill requires this external API to operate.