brave-search

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill makes network requests to external services.
    • Evidence:
      • search.js fetches search results from https://search.brave.com based on user queries.
      • content.js and search.js fetch arbitrary content from external URLs provided by the user or found in search results.
    • These operations are consistent with the skill's stated purpose of web search and content extraction.
  • [EXTERNAL_DOWNLOADS]: The skill relies on external npm packages and fetches data at runtime.
    • Evidence:
      • Dependencies include @mozilla/readability, jsdom, turndown, and turndown-plugin-gfm.
      • The installation instructions in SKILL.md require running npm ci, which downloads these dependencies.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted web content.
    • Ingestion points: web page content is fetched in search.js (snippets and full page content) and in content.js (full page content).
    • Boundary markers: search.js uses basic structural markers such as --- Result N ---, Title:, and Snippet:, which provide only limited separation between control text and untrusted data; since the markers are plain text, fetched content can contain the same strings.
    • Capability inventory: the skill has network access (fetch) and writes the fetched content directly to the agent's console, where it is then processed as context.
    • Sanitization: no sanitization or filtering is performed to identify or neutralize embedded instructions in the fetched HTML or the converted Markdown; the htmlToMarkdown functions perform only basic structural cleaning.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 01:02 AM
Security Audit — agent-trust-hub — brave-search