tavily

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly calls Tavily's web APIs (see scripts/search.mjs -> https://api.tavily.com/search and scripts/extract.mjs -> https://api.tavily.com/extract) and SKILL.md directs the agent to read and act on the returned AI-optimized snippets and extracted full article text from arbitrary public web pages, i.e., untrusted third‑party content that can influence subsequent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's runtime scripts call https://api.tavily.com/search and https://api.tavily.com/extract (using TAVILY_API_KEY) and directly use the API's returned "answer" and extracted content in the agent output/context, so remote content can directly influence agent prompts.