tavily
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill facilitates the ingestion of untrusted data from the live web via search results, which could potentially contain adversarial instructions.
- Ingestion points: Data retrieved from the
https://api.tavily.com/searchendpoint. - Boundary markers: Absent; search results are processed as raw JSON without specific delimiters to isolate them from the agent's instructions.
- Capability inventory: Subprocess execution via
bash -cand network requests viacurl. - Sanitization: Absent; no logic is provided to sanitize or validate the external content before it is processed by the agent.
- Data Exposure & Exfiltration (SAFE): While the skill performs network operations to a non-whitelisted domain (
api.tavily.com), this is the primary intended purpose of the skill. No sensitive local file access or exfiltration of credentials was detected.
Audit Metadata