spellcheck
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- DATA_EXFILTRATION (LOW): The skill documentation includes cURL examples that perform network operations targeting 'api.search.brave.com'. Because this domain is not present in the trusted whitelist, the network activity is categorized as a low-level concern.
- PROMPT_INJECTION (LOW): The skill accepts untrusted data via the 'q' query parameter, representing an indirect prompt injection surface. Evidence: 1. Ingestion points: The 'q' parameter in the GET request to the spellcheck endpoint (SKILL.md). 2. Boundary markers: Boundary markers or 'ignore embedded instruction' warnings are absent in the documentation. 3. Capability inventory: Network operations via cURL (SKILL.md). 4. Sanitization: No evidence of input sanitization or validation is present in the skill documentation.
Audit Metadata