brave-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly performs web searches and fetches arbitrary public webpages (see SKILL.md "Fetches a URL and extracts readable content", search.js's fetchBraveResults and fetchPageContent which call the Brave Search API and fetch result.link, and content.js which fetches and parses an input URL), so untrusted third‑party page content is ingested and can directly influence outputs and next actions.