tavily-extract

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary public URLs (see SKILL.md "urls" examples and the request body) and scripts/extract.sh calls the Tavily extraction API / mcp.tavily.com to fetch and return web page content, so untrusted third‑party pages can be ingested and influence the agent's outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script invokes npx -y mcp-remote https://mcp.tavily.com/mcp (downloading and executing a remote npm package at runtime) and POSTs to https://mcp.tavily.com/mcp to receive SSE results used as output, so https://mcp.tavily.com/mcp is a runtime external dependency that results in executing remote code.