tavily-search-free
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies] (LOW): The skill requires tavily-python and python-dotenv. Since the tavily organization is not on the pre-approved trusted sources list, this is a verifiable dependency concern. The severity is lowered to LOW because these packages are standard and necessary for the skill's primary search functionality.
- [Indirect Prompt Injection] (LOW): This skill retrieves content from the internet and presents it to the agent, creating a surface for indirect prompt injection.
  - Ingestion points: scripts/tavily_search.py (via the Tavily API).
  - Boundary markers: Absent; the script returns raw JSON results without delimiters or warnings to the LLM.
  - Capability inventory: The skill is designed for network communication with api.tavily.com.
  - Sanitization: Absent; content from the web is passed to the agent without filtering or escaping.
Audit Metadata