brave-search
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill communicates exclusively with the official Brave Search API at
api.search.brave.com. Brave is a well-known service, and communication with its official domain is considered safe. - [SAFE]: The skill correctly uses the
BRAVE_API_KEYenvironment variable for authentication, adhering to security best practices by avoiding hardcoded credentials. - [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection because it processes untrusted search results from the public web.
- Ingestion points: Search results, descriptions, and extra snippets returned by the API (SKILL.md).
- Boundary markers: Absent; the fetched search content is not wrapped in security delimiters or provided with instructions to ignore embedded commands.
- Capability inventory: The agent can perform network requests using
curlto the search API. - Sanitization: None; snippets from external websites are ingested directly without filtering or sanitization.
Audit Metadata