tavily-crawl

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and process data from external websites, which presents an attack surface for indirect prompt injection.
  • Ingestion points: Website content is retrieved via the Tavily API and returned in the results array (specifically raw_content and chunks) as described in SKILL.md.
  • Boundary markers: The skill documentation does not suggest using specific delimiters or "ignore instructions" wrappers when the agent processes this external data.
  • Capability inventory: The skill uses curl to fetch data, but the surrounding agent system may possess broader capabilities that could be targeted by instructions hidden in crawled websites.
  • Sanitization: There is no evidence of automated sanitization or filtering of the content before it enters the agent's context.
  • [COMMAND_EXECUTION]: The skill utilizes the curl command-line tool to perform HTTP requests to the Tavily API.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to api.tavily.com. This is an interaction with a well-known service for web crawling and search data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — tavily-crawl