tavily
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure & Exfiltration (SAFE): The skill handles authentication securely by retrieving the TAVILY_API_KEY from environment variables or command-line arguments. No hardcoded credentials or unauthorized data access patterns were identified.
- Unverifiable Dependencies (SAFE): The dependency 'tavily-python' is the official SDK for the service. The use of 'python-dotenv' is standard for environment variable management.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from search results, which is a common risk factor for search tools. However, the risk is mitigated as the tool is purely informational. \n
- Ingestion points: Untrusted content is retrieved from the Tavily API in 'tavily_search.py'. \n
- Boundary markers: The output uses Markdown headers and bold text to organize results, though it lacks explicit safety delimiters. \n
- Capability inventory: The skill only performs network GET requests to the Tavily API and prints output; it cannot write files, execute system commands, or perform other side effects. \n
- Sanitization: Content is passed directly from the API to the output.
- Command Execution (SAFE): CLI arguments are handled using 'argparse', and no unsafe shell execution or dynamic code evaluation (eval/exec) is present. Note: The script contains a minor non-security bug where 'sys' is not imported despite the use of 'sys.exit()'.
Audit Metadata