tavily

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed API keys directly (config fields, --api-key CLI args, and api_key="tvly-...") which encourages the model to produce outputs containing secret values verbatim, creating an exfiltration risk despite also mentioning env vars.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries the public Tavily search API (SKILL.md and references/api-reference.md) and scripts/tavily_search.py fetches/extracts third‑party web content (including cleaned HTML via --raw-content and returned result["content"]/raw_content and AI-generated answers) which the agent is expected to read and use in its workflow, so untrusted web content can directly influence its actions.