tavily-web
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is installed using the command
npx skills add -g BenedictKing/tavily-web, which downloads code from a non-trusted community GitHub repository. This introduces the risk of executing unverified scripts or configurations on the host system. - [PROMPT_INJECTION]: As a tool designed for web search, content extraction, and crawling, this skill is a high-risk surface for indirect prompt injection attacks where an external website could provide malicious instructions to the agent.
- Ingestion points: Untrusted data enters the agent's context through web search results and content crawled from external URLs (SKILL.md).
- Boundary markers: There are no specified delimiters or 'ignore' instructions mentioned to prevent the agent from obeying commands embedded in the search results.
- Capability inventory: The skill allows the agent to perform active web research and content scraping, expanding its knowledge base with potentially adversarial data.
- Sanitization: The documentation does not describe any sanitization, filtering, or validation processes for the data retrieved from the web before it is presented to the model.
Audit Metadata