tavily
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from web search results and external URLs. Ingestion points: Tavily API search results and
extract.mjsURL content. Boundary markers: None specified in documentation. Capability inventory: Network access for search and extraction. Sanitization: Not specified in the provided files. - Command Execution (SAFE): The skill executes its own internal scripts using Node.js for its core functionality, which is standard behavior for this type of extension.
Audit Metadata