search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill performs web searches via Tavily's search API (described in SKILL.md) and the scripts/search.sh invokes the Tavily MCP (https://mcp.tavily.com/mcp) and can request include_raw_content/full page extracts from arbitrary public web pages, so untrusted third‑party content is ingested and could influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script invokes npx -y mcp-remote https://mcp.tavily.com/mcp at runtime, which downloads and executes remote code to perform the OAuth flow (used if no local token exists), so the URL https://mcp.tavily.com/mcp is a runtime external dependency that results in remote code execution.