brave-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface identified. Ingestion points: content.js and search.js fetch HTML from untrusted external URLs and convert it to markdown for agent processing. Boundary markers: Absent; the output utilizes simple text headers which do not reliably isolate untrusted content from the agent's internal instructions. Capability inventory: The skill possesses network access capabilities via the fetch API. Sanitization: The skill employs readability and turndown for HTML processing but lacks mechanisms to filter or sanitize the resulting text for malicious prompt instructions.
- DATA_EXFILTRATION (LOW): Network operations to non-whitelisted domains detected. Evidence: search.js and content.js utilize the fetch API to reach Brave Search and various third-party websites based on user-provided input.
Audit Metadata