tavily
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface as it is designed to retrieve and process content from the open web.
- Ingestion points: `scripts/search.mjs` and `scripts/extract.mjs` ingest snippets and full-page text from arbitrary external URLs.
- Boundary markers: Results are structured using standard markdown headers and lists, but the skill does not implement specific delimiters or instructions to the agent to disregard potential instructions embedded in the retrieved web content.
- Capability inventory: The skill scripts lack dangerous capabilities; they do not perform file system writes, execute shell commands, or use dynamic execution functions like `eval()` or `exec()`.
- Sanitization: Basic string conversion and whitespace trimming are applied to the outputs, though no semantic sanitization of the fetched content is performed.
- [DATA_EXFILTRATION]: The skill initiates network requests to `api.tavily.com` to provide its search and extraction features. This represents legitimate communication with a well-known service provider required for the skill's stated purpose.
Audit Metadata