brave-search
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection via external web content.
- Ingestion points: The
content.jsandsearch.jsscripts fetch HTML content from arbitrary URLs provided as arguments or found in search results. - Boundary markers: The output format does not utilize distinct delimiters or specific instructions for the agent to disregard potential instructions found within the fetched web content.
- Capability inventory: No high-privilege capabilities such as file system writes, subprocess execution, or access to sensitive local environment variables were found in the code.
- Sanitization: The skill uses
@mozilla/readabilityandturndownto convert HTML to Markdown, which effectively filters out executable scripts and styling information before the content reaches the agent. - [SAFE]: The network requests performed are limited to the Brave Search engine and the specific URLs the user or agent explicitly requests to fetch, which is the primary intended function of the skill.
- [EXTERNAL_DOWNLOADS]: Dependencies are restricted to reputable and well-known packages from the official NPM registry for DOM parsing and content transformation.
Audit Metadata