skills/family3253/skill/brave-search/Gen Agent Trust Hub

brave-search

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted web content from search results and external websites, creating a surface for indirect prompt injection attacks.
      • Ingestion points: Search results (titles and snippets) in search.js and full page content fetched and parsed in both search.js and content.js.
      • Boundary markers: Output is delimited using text headers like --- Result 1 ---, but the skill does not provide explicit instructions to the agent to disregard commands embedded within the retrieved data.
      • Capability inventory: The skill's scripts are limited to performing network requests via fetch. There are no capabilities for executing shell commands, writing to the file system, or accessing sensitive environment credentials.
      • Sanitization: The skill uses @mozilla/readability and jsdom to parse and clean HTML content, removing dangerous elements such as <script> and <style> tags before converting the results to markdown format.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 08:18 AM