tavily

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly shows authenticating with a command that embeds an API key as a literal command-line argument (tavily login --api-key "tvly-your-api-key"), which encourages asking for and echoing secrets verbatim and is an insecure exfiltration pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and rules/security.md show the Tavily CLI fetches and ingests arbitrary public web content (e.g., "tavily extract 'https://example.com'", search/crawl/map commands that write to .tavily/), meaning untrusted third‑party pages are read as part of research/synthesis workflows and could influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill’s install/runtime instructions fetch and execute code from the remote repository https://github.com/Lag0/tavily-cli.git (and the published package @syxs/tavily-cli via npx/npm), which the skill requires and thus causes external code to be run during setup/runtime.