brave-search
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external web content through the Brave Search API and page extraction. This creates a surface for indirect prompt injection where malicious instructions hosted on a webpage could attempt to influence the agent's behavior.
- Ingestion points: Web search results and extracted markdown content as described in
SKILL.md. - Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions to separate untrusted web content from the agent's system prompt.
- Capability inventory: The skill executes local scripts (
search.js,content.js) to perform network operations and format output. - Sanitization: No sanitization or filtering of fetched web content is mentioned in the documentation.
Audit Metadata