tavily-extract

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the curl binary to send POST requests to the Tavily API, which is standard for API-based tools.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the api.tavily.com domain to retrieve web content. Tavily is a well-known service for search and data extraction, and this interaction is expected for the skill's functionality.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it is designed to ingest and process data from external, untrusted web pages.
  • Ingestion points: External web content is retrieved and provided to the agent through the raw_content field in the API response as seen in SKILL.md.
  • Boundary markers: The skill documentation does not define specific boundary markers or instructions to isolate the retrieved content from the agent's instruction context.
  • Capability inventory: The skill uses curl for making network requests to the Tavily API.
  • Sanitization: No explicit sanitization or filtering of the fetched web content is performed by the skill itself.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — tavily-extract