tavily
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing official SDKs from npm (@tavily/core) and PyPI (tavily-python), as well as various framework-specific integrations such as langchain-tavily and crewai.
- [REMOTE_CODE_EXECUTION]: Integration guides describe using npx to execute the Tavily MCP server (@tavily/mcp) and connecting to a remote MCP endpoint at https://mcp.tavily.com/mcp/. These are standard integration patterns for the service.
- [CREDENTIALS_UNSAFE]: Code examples throughout the documentation use placeholders such as 'tvly-YOUR_API_KEY' and environment variables (os.getenv) to demonstrate authentication, which follows security best practices for avoiding hardcoded secrets.
- [DATA_EXFILTRATION]: Documentation includes examples of the TavilyHybridClient, which facilitates synchronization between web search results and a local MongoDB database. While this involves data transfer to a database, it is a documented feature for RAG (Retrieval-Augmented Generation) applications.
- [PROMPT_INJECTION]: The crawl and map APIs accept a natural language 'instructions' parameter, and the search API processes external web content. This presents a surface for indirect prompt injection where untrusted data could influence agent behavior.
  - Ingestion points: The 'instructions', 'query', and 'urls' parameters in API calls documented across SKILL.md and references/api.md.
  - Boundary markers: No specific delimiters or safety instructions are provided in the examples for handling these inputs.
  - Capability inventory: The skill enables broad network access for web searching and content extraction, as well as database write operations via the Hybrid Client.
  - Sanitization: No explicit sanitization or validation logic is discussed for the inputs in the provided documentation.