Security Audit

tavily

github.com/intellectronica/agent-skills

AI SkillCommit 326f2466f4b7

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

tavily received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Unsanitized User Input in Curl Commands.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 11, 2026 (commit 326f2466). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

85%

Dependency Graph

100%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via Unsanitized User Input in Curl Commands The skill documentation provides `curl` command examples for interacting with the Tavily API. An AI agent implementing this skill would likely construct similar `curl` commands based on user input for parameters such as `query`, `url`, `instructions`, or other string fields. If user-provided input is directly interpolated into the JSON payload or URL path of these `curl` commands without proper escaping (e.g., JSON escaping, shell escaping), it could lead to command injection. An attacker could craft malicious input to break out of the JSON string or inject arbitrary shell commands, leading to unauthorized execution on the host system. Instruct the AI agent to rigorously sanitize all user-provided input before incorporating it into `curl` commands. This includes: 1. JSON escaping for all string values within the `-d` payload to prevent JSON structure manipulation. 2. Shell escaping for the entire `curl` command string if it's executed via a shell interpreter, to prevent arbitrary command execution (e.g., using `shlex.quote` in Python). Explicitly warn about the dangers of direct interpolation of untrusted input into shell commands.	Static	SKILL.md:40

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/afbe72dd04b47697.svg)](https://skillshield.io/report/afbe72dd04b47697)