tavily-search

Fail

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The setup instructions in SKILL.md include a command to download and execute the installation script for the uv package manager from astral.sh.
  • [EXTERNAL_DOWNLOADS]: The skill fetches the httpx library and the uv tool from official and well-known repositories during the initial setup and runtime.
  • [DATA_EXFILTRATION]: Transmits user-provided queries and the Tavily API key to the official api.tavily.com endpoint for search and extraction services.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the web (search snippets and article bodies), creating a surface for indirect prompt injection.
  • Ingestion points: The scripts/search.py script receives data from the Tavily API, which crawls external websites controlled by third parties.
  • Boundary markers: The output is formatted with simple labels like 'RESULTS:' and 'ANSWER:', but does not utilize robust delimiters or explicit instructions to prevent the agent from following commands embedded in the retrieved web content.
  • Capability inventory: The script performs network requests via httpx, and the skill environment supports shell command execution via uv.
  • Sanitization: The skill does not perform sanitization, filtering, or safety checks on the retrieved web content before presenting it to the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 13, 2026, 08:28 PM