answers
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): Potential for Indirect Prompt Injection via processed web search results.
- Ingestion points: Untrusted web content retrieved from the internet via the Brave Search API (
api.search.brave.com) in both single-search and research modes. - Boundary markers: The documentation does not specify the use of delimiters (like XML tags or markdown blocks) to isolate retrieved web content from the agent's core instructions.
- Capability inventory: The skill is designed to provide grounded answers and perform 'deep research,' meaning the agent will use this external data to inform its reasoning and subsequent decision-making processes.
- Sanitization: No sanitization or filtering of the retrieved web content is mentioned, allowing malicious instructions embedded in websites to be directly interpolated into the agent's context.
- EXTERNAL_DOWNLOADS (LOW): The skill performs network operations to
api.search.brave.com. - Evidence: Multiple cURL and Python examples demonstrate POST requests to the Brave Search API.
- Risk: While a legitimate service, these operations involve sending user queries to an external third party and should be monitored for data exposure.
Recommendations
- AI detected serious security threats
Audit Metadata