research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION] (SAFE): The script transmits the search query and the user-provided API key to
https://api.tavily.com/search. This is the intended and primary function of the tool. There is no evidence of unauthorized access to sensitive local files (like SSH keys or AWS credentials). - [PROMPT_INJECTION] (LOW): The script is susceptible to Indirect Prompt Injection (Category 8) because it retrieves and displays untrusted content from the web.
- Ingestion points: Untrusted search results, AI-generated answers, and raw web content are fetched from the Tavily API and printed to the console.
- Boundary markers: The script does not use delimiters or warning markers to isolate search results from the agent's instructions.
- Capability inventory: The script possesses network access (via
--allow-net) to communicate with the Tavily API and environment access (via--allow-env) to read the API key. - Sanitization: Content is truncated for display but otherwise output without sanitization or escaping.
Audit Metadata