tavily-crawl
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process data from external websites, which presents an attack surface for indirect prompt injection.
- Ingestion points: Website content is retrieved via the Tavily API and returned in the
resultsarray (specificallyraw_contentand chunks) as described inSKILL.md. - Boundary markers: The skill documentation does not suggest using specific delimiters or "ignore instructions" wrappers when the agent processes this external data.
- Capability inventory: The skill uses
curlto fetch data, but the surrounding agent system may possess broader capabilities that could be targeted by instructions hidden in crawled websites. - Sanitization: There is no evidence of automated sanitization or filtering of the content before it enters the agent's context.
- [COMMAND_EXECUTION]: The skill utilizes the
curlcommand-line tool to perform HTTP requests to the Tavily API. - [EXTERNAL_DOWNLOADS]: The skill performs network operations to
api.tavily.com. This is an interaction with a well-known service for web crawling and search data.
Audit Metadata