tavus-cvi-knowledge

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's curl examples place an API key directly in request headers (x-api-key: YOUR_API_KEY), which is an insecure pattern because replacing the placeholder with a real key would require the LLM to include secret values verbatim in generated commands/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly ingests arbitrary public URLs and crawls websites (see "Create Document" and "Supported Sources" / "Website Crawling" which accept PDFs, text files, and site URLs), so the agent will fetch and read untrusted third-party web content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill accepts external document_url values (e.g., https://example.com/faq.pdf and https://docs.example.com) which the Tavus API fetches at runtime and injects into the persona's knowledge/response context, so externally hosted content can directly influence agent prompts and output.