crawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill fetches and returns raw page content from arbitrary public websites provided via the JSON "url" parameter (calling the Tavily crawl API / mcp.tavily.com/mcp and returning "raw_content"/chunks), and those untrusted, user-controlled pages are explicitly intended to be fed into an LLM context—allowing indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill performs runtime calls to https://api.tavily.com/crawl and to https://mcp.tavily.com/mcp (including an npx mcp-remote invocation pointing at https://mcp.tavily.com/mcp) to fetch arbitrary site content that is intended to be injected into LLM context and to invoke remote tooling, meaning external content can directly influence prompts and remote code can be executed during runtime.