tavily-2

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed API keys directly (inline CLI --api-key, api_key="tvly-...") and shows copying keys into config/code, which would require the model to handle or output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill programmatically queries the Tavily search API (see scripts/tavily_search.py and SKILL.md/references/api-reference.md) and returns AI-generated answers plus extracted "content" and optional "raw_content" from arbitrary web pages, meaning the agent ingests untrusted public third-party content that can influence its actions.