search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs web searches via the Tavily Search API (POST https://api.tavily.com/search) and SKILL.md shows it returns page snippets or full page text (e.g., the include_raw_content option and the "content" field in the response), meaning the agent ingests arbitrary public web content that could contain user-generated or untrusted instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes "npx -y mcp-remote https://mcp.tavily.com/mcp" at runtime to perform the OAuth flow, which causes npx to fetch and execute remote package code (and contacts https://mcp.tavily.com/mcp), so this is a runtime external dependency that executes remote code.