tavily
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external web sources.
- Ingestion points: Data enters the agent context through search results in 'scripts/search.mjs' and raw webpage content in 'scripts/extract.mjs'.
- Boundary markers: The skill does not use delimiters or instructions to prevent the agent from being influenced by malicious commands embedded in retrieved web content.
- Capability inventory: The skill is limited to making network requests to the Tavily API and outputting results to the console; it does not have dangerous local execution or file-system write capabilities.
- Sanitization: There is no evidence of content filtering or sanitization being applied to the data fetched from the web before it is presented to the agent.
Audit Metadata