brave-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and parses open web content — search.js calls https://search.brave.com and (with --content) fetchPageContent(url) retrieves and extracts arbitrary result.link pages (and content.js fetches any provided URL), so untrusted third-party page text is ingested and presented for use in the agent's workflow and could influence subsequent decisions.