web-search-tavily

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to retrieve API keys from a specific configuration file at ~/.gooseworks/credentials.json. Accessing sensitive credential files is a security-sensitive pattern, even when used for legitimate tool authentication.
  • [COMMAND_EXECUTION]: The setup process involves executing shell commands via python3 -c to parse local JSON files and export environment variables, which demonstrates the use of local code execution for configuration.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx (specifically npx gooseworks login and npx goose-skills install) to download and execute packages from the npm registry, which introduces external code into the environment.
  • [PROMPT_INJECTION]: The skill's core functionality is designed to ingest large amounts of content from the web via search, extraction, and crawling. This provides a significant surface for indirect prompt injection attacks.
  • Ingestion points: Data enters the agent's context from arbitrary third-party URLs processed by the /search, /extract, /map, and /crawl endpoints.
  • Boundary markers: The instructions do not define any boundary markers or special delimiters to help the agent distinguish between its instructions and retrieved content.
  • Capability inventory: The skill possesses capabilities for network operations (curl) and local command execution (python3, npx).
  • Sanitization: There is no evidence of content sanitization or safety filtering applied to the results retrieved from the web before they are processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — web-search-tavily