Gen Agent Trust Hub audit: skills/tavily-ai/skills/research

Skill: research

Verdict: Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM

Flags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • Remote Code Execution (MEDIUM): The script executes 'npx -y mcp-remote', which automatically downloads and runs a package from the npm registry to facilitate authentication, bypassing manual verification of the utility's source and integrity.
  • Data Exposure (MEDIUM): The script recursively scans the user's home directory ('~/.mcp-auth/') for authentication tokens. Accessing credential caches is a sensitive operation that should be restricted to the specific service provider.
  • Indirect Prompt Injection (LOW): The skill processes untrusted web data retrieved via search.
    1. Ingestion points: Research data from Tavily API in 'scripts/research.sh'.
    2. Boundary markers: None.
    3. Capability inventory: File writing to user-specified paths and network requests.
    4. Sanitization: None.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 04:36 PM