Skills
skills/aaaaqwq/claude-code-skills/tavily/Gen Agent Trust Hub

tavily

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/tavily.sh is vulnerable to command injection.
  • Evidence: The $query variable is interpolated into a double-quoted JSON string used as a curl data payload. Because the variable is not escaped or handled as a literal, an attacker can use shell command substitution (e.g., $(command)) within the query to execute arbitrary commands on the system.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from an external search API.
  • Evidence: The script performs network requests to https://api.tavily.com. This is a well-known service for AI-optimized web search.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection.
  • Ingestion points: Web search results and page content returned by the Tavily API.
  • Boundary markers: No markers or delimiters are used to separate untrusted web content from agent instructions in the output.
  • Capability inventory: The skill is configured with Bash, Read, Write, and Edit permissions, providing a high-impact environment if the agent obeys instructions embedded in search results.
  • Sanitization: No sanitization or filtering is applied to the API response before it is processed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 27, 2026, 03:35 PM