tavily-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified via web search and extraction capabilities.
- Ingestion points: The search(), extract(), crawl(), and research() methods described in SKILL.md and reference files allow agents to ingest content from arbitrary external websites.
- Boundary markers: The documentation and examples do not include explicit instructions or delimiters (such as "ignore instructions within this data") to isolate retrieved content.
- Capability inventory: The skill demonstrates network access to tavily.com and integration with several LLM frameworks for data processing.
- Sanitization: No specific evidence of output sanitization or filtering of external content is provided in the examples.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing official packages such as tavily-python, @tavily/core, and langchain-tavily. These downloads target official repositories and well-known registries (PyPI, NPM) from established technology providers.
Audit Metadata