tavily
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the CLI tool source code from the author's GitHub repository and installs packages from the npm registry. These resources are associated with the skill author and are used for standard setup procedures.
- [COMMAND_EXECUTION]: Executes shell commands to install, build, and run the Tavily CLI tool, including the use of npx for immediate execution of the utility.
- [PROMPT_INJECTION]: The skill is designed to fetch and process third-party web content, which presents a surface for indirect prompt injection.
- Ingestion points: Web content is retrieved via the
search,extract,map, andcrawlcommands. - Boundary markers: The skill includes a dedicated security rule file (
rules/security.md) that explicitly instructs the agent to ignore instructions found within fetched web data. - Capability inventory: The skill utilizes shell execution for web operations and local file system writes for storing results.
- Sanitization: Security guidelines recommend isolating fetched content into a specific directory (
.tavily/) and using targeted read commands likeheadorrgto prevent the agent from consuming entire malicious files in context.
Audit Metadata