web-search-tavily
Warn
Audited by Snyk on Jul 2, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). The skill’s runtime workflow calls Tavily endpoints like
/search,/extract,/map, and/crawl, which fetch and extract arbitrary public web page content (outsider-authored) and then feed that extracted text/snippets back into the agent’s LLM context for summarization/research.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches arbitrary user-supplied URLs at runtime via Tavily Extract/Map/Crawl (e.g., "https://example.com/article1", "https://example.com", "https://docs.example.com"), and the retrieved page content is returned/injected into the agent's response context, which can directly control prompts or outputs.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata