tavily-web
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill is installed via
npx skills add -g BenedictKing/tavily-web. The author and repository are not within the defined trusted scopes, meaning the code executed during installation and runtime has not been verified by a trusted organization. - PROMPT_INJECTION (MEDIUM): The skill facilitates indirect prompt injection by design as it extracts content from external URLs and search results.
- Ingestion points: Web search results and crawled website content (SKILL.md).
- Boundary markers: None specified; raw content is likely passed to the agent context.
- Capability inventory: Network access (Tavily API) and content extraction.
- Sanitization: No sanitization or filtering of malicious instructions hidden in HTML or metadata is mentioned.
Audit Metadata