tavily
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill's core function is to ingest web search results into the agent's context, which creates a vulnerability surface for malicious instructions embedded in search results.
  - Ingestion points: Search result titles, snippets, and raw HTML content retrieved via the Tavily API and scripts/tavily_search.py.
  - Boundary markers: Absent. There are no instructions to the agent to treat the retrieved content as data rather than instructions.
  - Capability inventory: The documentation explicitly provides examples of piping search results directly into network tools like curl, which significantly increases the risk if search results are malicious.
  - Sanitization: No sanitization or filtering logic is mentioned for the retrieved content.
- External Downloads (LOW): The skill requires the installation of the tavily-python library. While this is a standard dependency for the service, it remains an external unverifiable component during static analysis.
Audit Metadata