tavily-crawl

Fail

Audited by Snyk on Mar 17, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). The documentation links (example.com, docs.example.com) look benign, but cli.tavily.com/install.sh is a direct shell-script download and the prompt explicitly recommends piping it to bash (curl | bash). This is a high-risk pattern because it executes unverified remote code from a third-party domain and could easily be used to distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to crawl arbitrary public websites (e.g., tvly crawl "https://docs.example.com") and to return semantic chunks for "agentic use" (using --instructions and --chunks-per-source), following external links by default (--allow-external). The agent will therefore fetch and ingest untrusted third-party web content that can influence its subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's quick install requires running curl -fsSL https://cli.tavily.com/install.sh | bash, which fetches and executes a remote install script for the required Tavily CLI; that external code runs in, and can control, the agent's runtime environment.

Issues (3)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 17, 2026, 06:56 PM
Issues: 3