Skills
skills/arcanexis/alice-single/tavily/Gen Agent Trust Hub

tavily

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted data from external websites retrieved via the Tavily API.
  • Ingestion points: tavily_search.py in search() and quick_search() methods.
  • Boundary markers: Absent. External content (titles, snippets, and AI-generated summaries from Tavily) is interpolated directly into the output string.
  • Capability inventory: The skill performs network operations to fetch internet data and outputs it to the agent's context.
  • Sanitization: None. The script truncates snippets but does not filter for malicious instructions embedded in the web content.
  • [External Downloads] (LOW): The skill relies on external third-party libraries.
  • Evidence: Requires tavily-python and python-dotenv as documented in SKILL.md.
  • [Credentials Unsafe] (LOW): The skill handles sensitive API keys.
  • Evidence: tavily_search.py uses load_dotenv() to read TAVILY_API_KEY. It also allows passing the key via a command-line argument --api-key, which can be visible in process lists on multi-user systems.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 05:30 AM