Skills
NYC
skills/tavily-ai/tavily-plugins/research/Gen Agent Trust Hub

research

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill references a local script ./scripts/research.sh and provides curl examples for interacting with the Tavily API. These commands are necessary for the skill's functionality and do not exhibit malicious intent such as privilege escalation or persistence.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill makes network requests to api.tavily.com. While this domain is not on the global whitelist, it is the legitimate service provider for the skill's stated purpose of 'AI-synthesized research'.
  • [CREDENTIALS_UNSAFE] (SAFE): The skill instructs users on how to safely configure their own TAVILY_API_KEY via environment variables or a configuration file. No hardcoded API keys or secrets were found in the file.
  • [DATA_EXFILTRATION] (SAFE): There is no evidence of the skill attempting to access sensitive local files (like SSH keys or cloud credentials) or sending unauthorized data to external endpoints.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:54 PM