brave-search
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its web content extraction functionality. * Ingestion points: Web content retrieved via the
search.js --contentandcontent.jstools. * Boundary markers: Absent in documentation; there are no instructions for the agent to treat the fetched content as untrusted or to use specific delimiters. * Capability inventory: The skill allows the agent to ingest arbitrary text from the web, which can influence subsequent reasoning steps. * Sanitization: Documentation does not indicate any filtering or escaping of the extracted markdown content. - [EXTERNAL_DOWNLOADS]: The skill's setup instructions utilize
npm cito download dependencies from the official npm registry, which is a well-known and trusted service. - [COMMAND_EXECUTION]: The skill requires the execution of local scripts (
search.jsandcontent.js) and the npm package manager to function. - [NO_CODE]: The core logic files (
search.jsandcontent.js) referenced in the documentation are missing from the provided skill files, which prevents a thorough security audit of the actual code behavior.
Audit Metadata