skills/tavily-ai/skills/search/Gen Agent Trust Hub

search

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The script executes npx -y mcp-remote, which fetches and runs a package from the npm registry without interactive verification. This bypasses security checks and relies on the integrity of the remote package.
  • DATA_EXFILTRATION (MEDIUM): The script recursively scans the ~/.mcp-auth/ directory to locate and extract sensitive authentication tokens. While intended for its core function, this type of broad access to credential stores in the user's home folder is a significant security risk.
  • COMMAND_EXECUTION (LOW): The script uses curl and other shell utilities to send data, including authentication tokens, to the external endpoint https://mcp.tavily.com/.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) as it processes untrusted search results from the web and returns them to the agent without sanitization.
      • Ingestion points: scripts/search.sh via the Tavily API response.
      • Boundary markers: Absent.
      • Capability inventory: Network requests (curl), subprocess spawning (npx).
      • Sanitization: None; the script extracts text via jq and passes it directly to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:36 PM