brave-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The skill makes curl requests to api.search.brave.com. While legitimate for a search tool, these are network operations to a non-whitelisted domain.
- Indirect Prompt Injection (LOW): The agent processes search results which could contain malicious instructions. \n
- Ingestion points: Results from web, news, and image searches in SKILL.md. \n
- Boundary markers: Not used in provided examples to separate search results from agent instructions. \n
- Capability inventory: curl, jq, and bash. \n
- Sanitization: None; output is passed directly from API to stdout.
- Dynamic Execution (LOW): Commands are executed via bash -c to ensure environment variables are preserved across pipes. This is a common utility pattern for CLI tools and does not introduce significant risk given the provided templates.
Audit Metadata