brave-search
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill ingests untrusted content from the Brave Search API. \n
- Ingestion points: Search results are fetched from api.search.brave.com in scripts/brave-search.py. \n
- Boundary markers: Basic XML-style delimiters () are used in format_results_text, which can be circumvented by malicious search result content. \n
- Capability inventory: The skill performs network read and local print operations; it does not have file-write or subprocess execution capabilities. \n
- Sanitization: No filtering or escaping is applied to the title or description fields returned by the API before they are passed to the agent. \n- Data Exposure & Exfiltration (LOW): The script performs network requests to api.search.brave.com, which is a non-whitelisted domain. This is required for its stated functionality and does not involve sensitive file access.
Audit Metadata