tavily-tools

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect prompt injection surface detected.
      • Ingestion points: The search, extract, and crawl commands in scripts/tavily.py ingest arbitrary data from external URLs into the agent's context.
      • Boundary markers: No specific delimiters or instructions (e.g., 'treat the following as untrusted data') are documented in the skill to prevent the model from obeying instructions found in scraped content.
      • Capability inventory: The skill executes Python scripts via uv run and interacts with the Tavily API.
      • Sanitization: No sanitization or filtering of the retrieved web content is mentioned.
  • [DATA_EXFILTRATION] (LOW): The skill performs network requests to the Tavily AI API. While this is the intended purpose, these domains are not on the standard internal whitelist and involve sending query data to an external provider.
  • [COMMAND_EXECUTION] (SAFE): The skill documentation provides examples of executing a local Python script (scripts/tavily.py) using uv run. This is a standard and expected method for executing skill logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 18, 2026, 01:07 PM