tavily
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from web search results via the Tavily API, which creates a surface for indirect prompt injection where malicious content on indexed web pages could attempt to influence the agent's behavior. * Ingestion points: Search results (content and raw_content fields) returned from api.tavily.com/search as described in SKILL.md. * Boundary markers: The provided documentation and code examples do not include explicit delimiters or instructions to ignore embedded commands in the retrieved content. * Capability inventory: Performs network requests to external APIs and prints the resulting content to the agent context. * Sanitization: No sanitization or instruction filtering of the content field is demonstrated in the examples.
- [DATA_EXFILTRATION]: The skill transmits search queries and receives results from api.tavily.com. This is the intended purpose of the skill and targets a well-known service; no sensitive local file access was detected.
Audit Metadata