aisa-tavily
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The scripts
scripts/search.mjsandscripts/extract.mjsperform network requests toapi.aisa.one. While this domain is not on the pre-approved whitelist, the activity is consistent with the skill's stated purpose of providing a search proxy. - [Indirect Prompt Injection] (LOW): The skill creates an attack surface for indirect prompt injection by fetching and displaying untrusted web content.
- Ingestion points: Search results (titles, snippets, and AI-generated answers) in
scripts/search.mjsand raw page content inscripts/extract.mjs. - Boundary markers: Absent. Data is printed directly to the console without structural delimiters or specific instructions for the agent to ignore embedded instructions.
- Capability inventory: The skill itself lacks dangerous capabilities (such as subprocess spawning or file system writes), which significantly limits the potential impact of an injection.
- Sanitization: No sanitization or escaping is performed on the data received from the external API before presentation to the agent.
Audit Metadata