tavily-crawl
Fail
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation includes an installation command (curl -fsSL https://cli.tavily.com/install.sh | bash) that downloads and executes a shell script directly from the vendor's official domain to install the necessary Tavily CLI tool.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute tvly crawl commands, enabling it to interact with the local operating system and the network to perform its primary function.
- [EXTERNAL_DOWNLOADS]: By crawling third-party websites, the skill ingests external data into the agent's context. This represents an indirect prompt injection surface where instructions hidden in crawled web pages could attempt to influence the agent's subsequent actions.
- Ingestion points: Untrusted content is retrieved from external URLs passed to the tvly crawl command in SKILL.md.
- Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions for the crawled data.
- Capability inventory: The skill can execute the tvly CLI and write extracted content to the local filesystem using the --output-dir flag, as seen in SKILL.md.
- Sanitization: No explicit sanitization or filtering of the retrieved web content is mentioned in the skill definition.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.tavily.com/install.sh - DO NOT USE without thorough review
Audit Metadata