tavily

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using Membrane to connect to Tavily — "Tavily is an AI-powered search engine ... find and synthesize information from the web" — and to run membrane action list/run to retrieve search/article results (returned in the action "output"), so the agent will ingest open web content from untrusted public sources that can influence subsequent actions.