brave-search
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to the Brave Search API (api.search.brave.com) to retrieve web search data.\n- [COMMAND_EXECUTION]: Provides several Bash scripts (search.sh, search_ja.sh, search_news.sh) that utilize curl and jq for API interaction.\n- [DATA_EXFILTRATION]: Reads the Brave Search API key from the local configuration file ~/.clawdbot/brave-search-config.json and includes it in headers sent to the official API endpoint.\n- [PROMPT_INJECTION]: The skill processes untrusted content from web search results, which represents an indirect prompt injection surface.\n
- Ingestion points: Search results (titles, snippets, URLs) from the api.search.brave.com endpoint.\n
- Boundary markers: No explicit delimiters are used in the scripts to isolate search data from the rest of the agent's context.\n
- Capability inventory: File system access for configuration reading and network access for API queries.\n
- Sanitization: The skill uses jq to parse JSON fields, but does not sanitize the text content of the results for potential instructions.
Audit Metadata