tavily-search

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Mixed risk: most links are service or placeholder pages (tavily.com, app.tavily.com, example.com) but the explicit curl | sh installer at https://astral.sh/uv/install.sh is a high-risk pattern (downloading and executing an unverified shell script), so the set should be treated as potentially unsafe without verification.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill calls Tavily's public APIs (SEARCH_URL "https://api.tavily.com/search" and EXTRACT_URL "https://api.tavily.com/extract") and, per SKILL.md and scripts/search.py, can return raw article bodies (via --raw-content or --extract) from arbitrary public websites which the agent ingests and uses to synthesize answers, so untrusted third‑party content could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's setup step instructs running a shell one-liner that fetches and executes remote code (curl -LsSf https://astral.sh/uv/install.sh | sh) to install the required "uv" runner, so this URL is a runtime external dependency that executes remote code.