suggest
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): This skill retrieves data from an external source (Brave Search API) which includes titles and descriptions of web entities. This creates a surface for indirect prompt injection if the agent processes these descriptions as instructions. However, the risk is minimal as the provider is a reputable search engine and the data is limited to short snippets.
- [Data Exposure] (SAFE): The skill documentation correctly references the use of an environment variable (
${BRAVE_SEARCH_API_KEY}) for authentication rather than hardcoding credentials.
Audit Metadata