Skills
skills/sebas-aikon-intelligence/antigravity-awesome-skills/tavily-web/Gen Agent Trust Hub

tavily-web

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The installation instructions command the use of npx skills add -g BenedictKing/tavily-web, which fetches code from a GitHub account that is not listed as a trusted organization or repository.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): Installing and executing third-party scripts from an unverified source allows for potential execution of malicious code provided by the repository owner.
  • [PROMPT_INJECTION] (LOW): As a web search and extraction tool, this skill is vulnerable to Indirect Prompt Injection (Category 8). Malicious instructions embedded in searched websites or crawled URLs could influence the agent's behavior. * Ingestion points: Web search results and URL content extraction; * Boundary markers: None specified in the documentation; * Capability inventory: Web search, crawling, and research; * Sanitization: No sanitization or validation of external web content is mentioned.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:37 PM