web-search-tavily
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were detected in the markdown or script content.
- Data Exposure & Exfiltration (SAFE): The skill accesses the `TAVILY_API_KEY` environment variable as intended. Network access is strictly restricted to `api.tavily.com` via Deno's `--allow-net` flag, preventing unauthorized data exfiltration.
- Indirect Prompt Injection (LOW):
  - Ingestion points: Untrusted web content, snippets, and AI-generated summaries are ingested from the Tavily API into the agent's context (file: `scripts/search.ts`).
  - Boundary markers: Absent; the script outputs raw search results without specific delimiters or instructions for the LLM to treat the data as untrusted.
  - Capability inventory: The script is limited to network requests (`fetch`) and stdout. It does not have access to the file system, subprocesses, or dynamic execution (eval/exec).
  - Sanitization: Content is returned as raw strings without escaping or filtering of potentially malicious embedded instructions.
- Unverifiable Dependencies (SAFE): The script is a standalone Deno file that does not import external third-party modules or libraries, relying solely on built-in Web and Deno APIs.
Audit Metadata