brave-search
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official Brave Search API domain (api.search.brave.com) for all search requests, ensuring traffic is directed to the legitimate service.
- [SAFE]: Authentication is correctly implemented using an environment variable (BRAVE_SEARCH_API_KEY) to provide the subscription token in the X-Subscription-Token header.
- [SAFE]: The MCP server configuration refers to the well-known @modelcontextprotocol/server-brave-search package, which is a trusted dependency for the Model Context Protocol.
- [SAFE]: The skill has an indirect prompt injection surface due to processing search results. Ingestion points: search result titles and descriptions; Boundary markers: absent in examples; Capabilities: network access via curl and fetch; Sanitization: absent. This risk is inherent to search functionality and mitigated by the limited scope of the integration.
Audit Metadata