web3-research
Pass
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: LOW (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The script `tavily_search.py` requires the `tavily-python` library to interact with the Tavily API. This is a standard dependency for the tool's core functionality.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted content from external domains (e.g., coindesk.com, cointelegraph.com) is retrieved via `tavily_search.py` and incorporated into the agent's context.
  - Boundary markers: No delimiters or 'ignore' instructions are used to separate external data from the system prompt instructions.
  - Capability inventory: The skill is limited to analysis and reasoning; it lacks direct file-write or arbitrary command execution capabilities beyond the specific API call.
  - Sanitization: No validation or sanitization of search result content is performed before processing.
Audit Metadata