brd-browser-debug
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts exclusively with the official Bright Data API at
api.brightdata.comto retrieve session diagnostic information. This is a vendor-owned resource appropriate for the skill's purpose. - [SAFE]: Authentication is handled through the
BRIGHTDATA_API_KEYenvironment variable. This avoids hardcoded secrets and adheres to standard credential management practices. - [SAFE]: The skill's operations are limited to informational API requests and data presentation. It does not perform sensitive file system access, execute arbitrary shell commands, or maintain persistence on the host system.
- [PROMPT_INJECTION]: Indirect prompt injection surface analysis:
- Ingestion points: Session logs, target URLs, and error messages retrieved from
api.brightdata.com(as described in SKILL.md). - Boundary markers: Not present; the agent is instructed to process the raw API response content for diagnosis.
- Capability inventory: None; the skill does not define or utilize any dangerous capabilities such as file-writing, subprocess execution, or subsequent network operations.
- Sanitization: None specified; however, the risk is negligible as the skill lacks exploitable tools to act upon injected instructions.
Audit Metadata