brave-search
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlto make API requests andjqto process the resulting JSON data. This is the intended functional behavior for a command-line search tool.\n- [EXTERNAL_DOWNLOADS]: Retrieves data from Brave's official API domains (api.search.brave.com). These are well-known technology services and the communication is documented neutrally.\n- [PROMPT_INJECTION]: As the skill processes results from the open web, it has an inherent attack surface for indirect prompt injection. Malicious content found in search results could attempt to influence the agent's behavior.\n - Ingestion points: Search results (titles, descriptions, URLs) returned from Brave's API.\n
- Boundary markers: Absent. The skill does not provide specific instructions to ignore embedded commands within the search data.\n
- Capability inventory: The skill uses
curlfor network access,jqfor parsing, and can write temporary query strings to/tmp/brave_query.txt.\n - Sanitization: Content is parsed into specific fields via
jq, but the textual data within those fields is not sanitized or escaped.
Audit Metadata