web-research-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from arbitrary public URLs (see the SKILL.md decision tree using WebFetch, the Tavily Extract/Map/Crawl examples in references/tavily-api.md, and the agent-browser patterns in rules/browser-patterns.md and monitoring-*.md) and then parses that untrusted page content to drive actions like structured extraction, diffs, and alerts, allowing third-party page instructions to materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill performs runtime curl calls to https://api.tavily.com (e.g., /extract, /search, /map, /crawl, /research) to fetch raw markdown/content that is parsed and injected into the agent's processing/synthesis, so this external content can directly control prompts and is a required dependency when TAVILY_API_KEY is used.