brave-search
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches search results from the Brave Search API (api.search.brave.com) and retrieves webpage content from arbitrary external URLs. These network operations are fundamental to its purpose and are implemented using standard fetch calls with appropriate timeouts.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes content from external websites which could contain malicious instructions for the agent.
- Ingestion points: Data enters the system from external websites via
content.jsand the--contentflag insearch.js. - Boundary markers: The tool structures its output using clear delimiters such as
--- Result N ---and labels likeTitle:andContent:. However, it does not provide an explicit warning to the agent to ignore any instructions embedded within the fetched text. - Capability inventory: The skill's capabilities are restricted to network GET requests and logging output to the console. It cannot write to the file system, execute shell commands, or perform other high-risk operations.
- Sanitization: The skill converts HTML to Markdown using the
turndownand@mozilla/readabilitylibraries. This process strips executable scripts and styling, mitigating traditional cross-site scripting (XSS) risks, though it does not filter natural language instructions targeting the LLM.
Audit Metadata