
tavily-map

Fail

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation provides an installation command that downloads a shell script from 'https://cli.tavily.com/install.sh' and pipes it directly to bash. This resource is hosted on the official domain of the skill author (tavily-ai).
  • [COMMAND_EXECUTION]: The skill requires access to the 'Bash' tool to execute 'tvly' commands for mapping website structures and discovering URLs.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external websites in the form of URL paths and domains, which constitutes an indirect prompt injection surface.
  • Ingestion points: Output from the 'tvly map' command containing external URLs (SKILL.md).
  • Boundary markers: No specific delimiters or instructions to ignore embedded content are present in the command examples.
  • Capability inventory: The skill uses 'Bash(tvly *)' to interact with the environment (SKILL.md).
  • Sanitization: There is no evidence of sanitization or filtering of the discovered URL data before it is returned to the agent context.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.tavily.com/install.sh - DO NOT USE without thorough review
Audit Metadata
  Risk Level: HIGH
  Analyzed: Mar 17, 2026, 06:56 PM