extract
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The shell script
extract.shutilizesnpxto execute themcp-remotepackage from the npm registry to handle authentication with the well-known Tavily service athttps://mcp.tavily.com/mcp. - [COMMAND_EXECUTION]: The Bash script executes background processes and system commands to manage the authentication handshake and process API requests.
- [EXTERNAL_DOWNLOADS]: The skill connects to Tavily's well-known API and MCP endpoints to fetch data and verify user credentials. It also triggers a package download via
npxfor authentication purposes. - [PROMPT_INJECTION]: The skill's primary function is to ingest external web content into the agent's context, creating an indirect prompt injection surface.
- Ingestion points: Web content is retrieved from user-provided URLs in
extract.shandextract.py. - Boundary markers: None identified; the content is returned to the agent without specific delimiters or isolation instructions.
- Capability inventory: The skill has network access for fetching external content and file system read access for retrieving stored authentication tokens.
- Sanitization: There is no evidence of sanitization or filtering applied to the extracted web content before it is processed by the agent.
Audit Metadata