tavily-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references official SDKs 'tavily-python' and '@tavily/core' from standard public registries (PyPI and npm).
- [CREDENTIALS_UNSAFE] (SAFE): Documentation instructs users to use environment variables for API keys and uses clear placeholders like 'tvly-YOUR_API_KEY' in code examples, preventing secret exposure.
- [PROMPT_INJECTION] (LOW): The skill implements web search, extraction, and crawling capabilities, creating a surface for indirect prompt injection from external web content. Evidence chain from SKILL.md: 1. Ingestion points: search(), extract(), crawl(), and research() methods. 2. Boundary markers: No explicit delimiters or ignore-instructions warnings are provided in the snippets. 3. Capability inventory: SDK wrapper for web-based data retrieval; no direct system command execution or eval patterns identified in the skill logic. 4. Sanitization: No evidence of output sanitization or filtering of retrieved web content before processing.
Audit Metadata