tavily-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of reference documentation for the Tavily Search API. No security issues were detected across any threat categories.
- [EXTERNAL_DOWNLOADS]: Refers to official installation commands for the Tavily SDK and well-known integration libraries from PyPI and NPM registries.
- [REMOTE_CODE_EXECUTION]: Documents the use of Tavily's official MCP server for tool-calling integrations in agentic workflows.
- [DATA_EXFILTRATION]: Correctly demonstrates the use of environment variables for API keys and provides non-sensitive placeholder examples for configuration.
- [PROMPT_INJECTION]: No malicious override patterns, role-play injections, or safety bypass instructions were found in the skill content.
- [SAFE]: Indirect Prompt Injection Risk Surface: Untrusted web data enters the agent context via search, extract, and crawl endpoints. Boundaries are managed through system prompts and instructions provided in the integration examples. Capabilities are limited to network API requests as described in the SDK documentation. Sanitization is supported via optional structured output schemas.
Audit Metadata