tavily-web
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation process involves downloading logic from an external community GitHub repository (BenedictKing/tavily-web). This source is not officially verified.
- [COMMAND_EXECUTION]: The skill instructs the user to execute a shell command (npx skills add -g BenedictKing/tavily-web) to install the external code into the agent's environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality.
  - Ingestion points: External data is ingested from the web through Tavily search results, crawling, and content extraction tools as described in SKILL.md.
  - Boundary markers: The provided documentation does not indicate the use of boundary markers or instructions to ignore embedded commands within fetched web content.
  - Capability inventory: The skill possesses web crawling and search capabilities, which naturally involve interacting with untrusted third-party data.
  - Sanitization: There is no evidence in the provided file of sanitization or filtering of external content before it is processed by the agent.
Audit Metadata