brave-search

Warn

Audited by Snyk on Mar 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly calls the Brave Search MCP web/news/local search tools (e.g., mcp__brave-search__brave_web_search) and instructs the agent to fetch and process titles, URLs, descriptions, and excerpts, and to synthesize key points from public web and news pages. This is untrusted third-party content that the agent is expected to read and use to influence downstream decisions (see "Step 1: Select Search Mode" and "Step 3: Process Results").

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 03:25 PM