brave-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): As a web search tool, this skill inherently processes untrusted data from external websites. This is the intended functionality and is handled through standard API integration. + Ingestion points: Search results, snippets, and AI-grounded answers described in SKILL.md. + Boundary markers: None explicitly defined in the provided metadata. + Capability inventory: Information retrieval and research synthesis via subagents. + Sanitization: Relies on the Brave API and the agent's internal content handling.
- Data Exposure & Exfiltration (SAFE): The skill documentation correctly guides the user to use an environment variable (BRAVE_API_KEY) for authentication. No hardcoded secrets, sensitive file path access, or suspicious network exfiltration patterns were identified.
- Command Execution (SAFE): The skill defines a CLI entry point for its own execution but does not invoke arbitrary or dangerous system commands. The suggested use of multiple Bash tool calls is restricted to the skill's own search functionality.
- Unverifiable Dependencies (SAFE): The project structure uses standard build systems (setuptools) and does not include unverified third-party packages or remote script execution (e.g., curl|bash).
Audit Metadata