tavily-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation references installation of standard SDKs and integration packages from official registries (e.g., tavily-python, @tavily/core, langchain-tavily). These originate from well-known technology organizations and follow standard integration patterns.
- [PROMPT_INJECTION]: The skill documents capabilities for fetching and processing web content, which presents an inherent surface for indirect prompt injection.
  - Ingestion points: Functions like client.search(), client.extract(), and client.crawl() ingest untrusted data from the public web (documented in SKILL.md and references/search.md).
  - Boundary markers: Delimiters or 'ignore instructions' markers are not demonstrated in the documentation snippets.
  - Capability inventory: Examples in references/integrations.md show the agent passing retrieved data to LLMs for reasoning.
  - Sanitization: No specific sanitization or filtering logic is illustrated in the reference material.
Audit Metadata