brave-search
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill retrieves untrusted data from the internet via search results and page extraction, which presents a surface for indirect prompt injection where malicious instructions could be embedded in search snippets or website content.
- Ingestion points: Untrusted content is ingested through the output of the
./search.jsand./content.jsscripts as described in SKILL.md. - Boundary markers: The skill uses basic separators such as '--- Result 1 ---' but lacks clear instructions or markers to distinguish external data from system instructions.
- Capability inventory: The skill is used by the agent to fetch and process web content; the scripts themselves execute search queries and perform HTTP requests.
- Sanitization: There is no documentation indicating that external content is sanitized or that instructions within the content are escaped before processing.
Audit Metadata