brave-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's search.js and content.js explicitly fetch and parse public web pages (search.js calls https://search.brave.com in fetchBraveResults and fetchPageContent fetches result links; content.js fetches arbitrary URLs) so the agent ingests untrusted, user-controlled web content that could contain instructions and influence its subsequent behavior.