tavily-map

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Three of the links are documentation/placeholder pages (example.com and docs.example.com) and are low-risk, but the presence of a direct shell install script (https://cli.tavily.com/install.sh) is a high-risk delivery vector because downloading and running remote .sh installers (curl|bash style) from a third-party domain can distribute malware if the source is not verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the tool runs tvly map on arbitrary public sites (e.g., "tvly map 'https://docs.example.com' --json"), which visits and parses public webpages to discover URLs (open/untrusted third-party content) that the agent will use to choose further extract/crawl actions, so third-party content can indirectly influence next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's prerequisite includes a runtime install command that fetches and pipes a remote install script to a shell (curl -fsSL https://cli.tavily.com/install.sh | bash), which executes remote code and is required for the skill to run.