web-search-tavily
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to retrieve API keys from a specific configuration file at
~/.gooseworks/credentials.json. Accessing sensitive credential files is a security-sensitive pattern, even when used for legitimate tool authentication. - [COMMAND_EXECUTION]: The setup process involves executing shell commands via
python3 -cto parse local JSON files and export environment variables, which demonstrates the use of local code execution for configuration. - [EXTERNAL_DOWNLOADS]: The skill utilizes
npx(specificallynpx gooseworks loginandnpx goose-skills install) to download and execute packages from the npm registry, which introduces external code into the environment. - [PROMPT_INJECTION]: The skill's core functionality is designed to ingest large amounts of content from the web via search, extraction, and crawling. This provides a significant surface for indirect prompt injection attacks.
- Ingestion points: Data enters the agent's context from arbitrary third-party URLs processed by the
/search,/extract,/map, and/crawlendpoints. - Boundary markers: The instructions do not define any boundary markers or special delimiters to help the agent distinguish between its instructions and retrieved content.
- Capability inventory: The skill possesses capabilities for network operations (
curl) and local command execution (python3,npx). - Sanitization: There is no evidence of content sanitization or safety filtering applied to the results retrieved from the web before they are processed by the agent.
Audit Metadata