tavily
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with the official Tavily API endpoint at `api.tavily.com` to retrieve search data. This is a standard and expected operation for a web search integration using a well-known service.
- [COMMAND_EXECUTION]: The skill utilizes `bash -c` to execute `curl` commands for API interaction. This method is documented as a workaround for environment variable handling in specific runtimes and is used to send structured search queries and receive JSON results.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, as its primary function is to ingest untrusted content from the internet.
  - Ingestion points: External web content enters the agent's context through the `answer`, `results`, and `content` fields of the Tavily API response, as defined in `SKILL.md`.
  - Boundary markers: The skill does not provide specific instructions or delimiters to isolate the retrieved web content from the agent's instructions.
  - Capability inventory: The skill uses `bash -c` for network requests and writes temporary request bodies to `/tmp/tavily_request.json`.
  - Sanitization: No content filtering or sanitization mechanisms are implemented within the skill's instructions.
Audit Metadata