tavily-extract
Fail
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation provides an installation command (
curl -fsSL https://cli.tavily.com/install.sh | bash) that downloads and executes a shell script directly from the vendor's official domain. While this is the intended setup method for the Tavily CLI, executing remote scripts via piped shell commands is a security best practice violation. - [COMMAND_EXECUTION]: The skill uses the
tvlycommand-line tool via a Bash interface to perform its operations. It supports writing extracted data to the local file system using the-oor--outputflags. - [EXTERNAL_DOWNLOADS]: The skill is designed to fetch and process content from arbitrary third-party URLs provided by the user.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the web and presents it to the agent.
- Ingestion points: Web content retrieved from URLs passed to the
tvly extractcommand. - Boundary markers: No specific delimiters or instructions are used to separate external content from the agent's system instructions.
- Capability inventory: The skill has access to the Bash tool, which can execute the
tvlyCLI and write files to the local disk. - Sanitization: Content is processed into clean markdown, but there is no evidence of filtering or sanitizing the text to prevent embedded instructions from influencing the agent's behavior.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.tavily.com/install.sh - DO NOT USE without thorough review
Audit Metadata