tavily
Warn
Audited by Snyk on Feb 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill uses Tavily web search and an extract script (node {baseDir}/scripts/search.mjs and node {baseDir}/scripts/extract.mjs) to fetch and return content from arbitrary public URLs via the Tavily API (tavily.com), exposing the agent to untrusted third‑party web/user-generated content that it will read and interpret.
Audit Metadata