brave-search
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external websites.
  * Ingestion points: The scripts content.js and search.js fetch HTML content from arbitrary URLs provided by the user or returned in search results.
  * Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the fetched content.
  * Capability inventory: The skill has no dangerous system capabilities such as file system modification or arbitrary command execution; it is restricted to network fetching and standard output.
  * Sanitization: Content is parsed with jsdom and @mozilla/readability to extract text, then converted to Markdown via turndown. This provides structural isolation but does not filter semantic instructions.