tavily
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill communicates with the official Tavily API endpoint (api.tavily.com). API keys are handled securely via environment variables.
- [PROMPT_INJECTION]: The skill ingests external content from web searches and URL extractions, creating a potential surface for indirect prompt injection. * Ingestion points:
scripts/search.mjsandscripts/extract.mjs. * Boundary markers: None present. * Capability inventory: No file system access or shell command execution on processed data. * Sanitization: None.
Audit Metadata