tavily-dynamic-search

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Two links (platform.claude.com and example.com/article) are documentation/placeholder pages and low risk, but cli.tavily.com/install.sh is a direct shell installer from an unfamiliar third‑party domain (curl|bash style install) which is a high‑risk vector for malware if the source is not trusted.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs running tvly search (including --include-raw-content) and tvly extract to fetch full page raw_content from arbitrary public websites/URLs (saved to /tmp and processed in Python), so untrusted third‑party web content is read and used to decide extractions and next actions, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's "Before running any command" step instructs running curl -fsSL https://cli.tavily.com/install.sh | bash which fetches and executes a remote installer (https://cli.tavily.com/install.sh) and is presented as a required dependency for the skill, so it directly executes remote code at runtime.