tavily
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes the
curlutility to interact with the Tavily REST API. While the commands are structured for specific API endpoints, the use of shell commands for network operations represents a higher capability surface than native library calls. - [DATA_EXFILTRATION] (LOW): Network operations are directed to
api.tavily.com. This domain is not on the trusted whitelist; however, this communication is required for the skill's primary purpose. No evidence of sensitive local file access was found. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from the public internet. Ingestion points: Search results and scraped content from
search,extract, andcrawltools (defined in SKILL.md). Boundary markers: None; the skill does not define delimiters to separate web data from agent instructions. Capability inventory: Execution ofcurlfor external network requests. Sanitization: None; the skill passes content directly from the API to the agent context.
Audit Metadata