tavily

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that place API keys directly in CLI arguments and code (e.g., --api-key "tvly-..." and api_key="tvly-..."), which would require the agent to insert secret values verbatim into commands or code, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes searching the broad web (Overview/Architecture "Broad Web Search", "news" mode) and returning/extracting untrusted third-party content (see "Structured Results" with content/raw_content and "Content Extraction" / "Response Handling" sections), which the agent is expected to read and synthesize into AI-generated answers, so external webpage instructions could influence its actions.