videos-search
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted external data from search results. While it lacks direct execution capabilities, it presents an attack surface for indirect prompt injection.
  - Ingestion points: Data enters the agent via the Brave Search API response fields, specifically `results[].title` and `results[].description`.
  - Boundary markers: None identified in the skill definition to help the agent distinguish between search metadata and potential embedded instructions.
  - Capability inventory: The skill itself only performs data retrieval (HTTP GET/POST) and does not include file-writing, command execution, or network exfiltration capabilities.
  - Sanitization: There is no explicit sanitization or filtering of the search results content mentioned in the documentation.
- [Data Exposure & Exfiltration] (SAFE): The skill uses environment variable placeholders (`${BRAVE_SEARCH_API_KEY}`) and generic placeholders (`<API_KEY>`) for authentication, avoiding hardcoded secrets.
- [Command Execution] (SAFE): The provided cURL examples are for documentation purposes and do not indicate a pattern of the agent executing arbitrary shell commands.
Audit Metadata