crawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill accepts arbitrary public URLs in the "url" field and uses the Tavily crawl API (POST https://api.tavily.com/crawl) to fetch and return untrusted page content (the "raw_content" results) which is explicitly recommended to be fed into agentic LLM workflows, enabling indirect prompt injection from third‑party web pages.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime POST requests to https://api.tavily.com/crawl (and https://api.tavily.com/map) which return crawled page content intended to be injected into an LLM context (via the "instructions"/"chunks_per_source" workflow), so the external responses directly control what gets fed into prompts and the API is a required runtime dependency.