brave-search

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Finding categories: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted content from the web, creating a surface for indirect prompt injection attacks.
    ◦ Ingestion points: content.js and search.js fetch HTML from arbitrary URLs to extract text content.
    ◦ Boundary markers: The output uses --- Result N --- headers to delineate search results, but does not provide explicit instructions to the agent to ignore or isolate embedded commands found within the web content.
    ◦ Capability inventory: The skill code itself does not contain high-risk operations such as shell command execution or file system writing.
    ◦ Sanitization: The implementation uses @mozilla/readability and JSDOM to remove scripts and styles, effectively stripping executable code and converting the structural content to Markdown.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from external network sources.
    ◦ Brave Search: search.js fetches search results from https://search.brave.com using web scraping.
    ◦ Arbitrary Content: content.js and search.js fetch content from any URL provided as a parameter or found in search results.
    ◦ Documentation Discrepancy: SKILL.md states the tool requires a BRAVE_API_KEY, but the implementation performs HTML scraping without using any API authentication.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 04:53 AM