tavily-search
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the retrieval of untrusted web content via the Tavily API. This content is intended for processing by an AI agent, creating a surface for indirect prompt injection attacks where malicious instructions embedded in web pages could attempt to hijack the agent's reasoning.
- Ingestion points: Web content is ingested into the agent context through `scripts/tavily_search.py`, `scripts/tavily_search_fast.py`, and `scripts/tavily_web_search.py`.
- Boundary markers: The scripts return search results as raw JSON or truncated text without applying delimiters or explicit instructions for the agent to ignore embedded commands.
- Capability inventory: The skill performs network operations to `api.tavily.com` and performs local file writes to manage a cache directory at `~/.cache/tavily_search`.
- Sanitization: Content is truncated for length in several scripts, but no filtering, escaping, or validation for malicious instructions is performed on the retrieved web data.
Audit Metadata