tavily-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt contains examples that embed API keys directly in commands and code (e.g., export TAVILY_API_KEY="tvly-your-api-key" and TavilyClient(api_key="tvly-your-api-key")), which encourages the LLM to include secret values verbatim in its outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill performs web searches via the Tavily API and explicitly retrieves and uses raw page content (see SKILL.md "Context Search (For RAG Applications)" / Best Practices and scripts like scripts/tavily_search.py and scripts/tavily_search_fast.py which call client.search and client.get_search_context with include_raw_content/context used directly in prompts), thereby ingesting untrusted, public third‑party content that can directly influence answers and subsequent agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill performs runtime calls to Tavily's search API (POST https://api.tavily.com/search), requiring a TAVILY_API_KEY and using returned search/context data (from get_search_context) that is intended to be injected into LLM prompts, so this external endpoint directly controls agent prompts and is a required runtime dependency.