Skills
skills/brightdata/skills/brightdata-sdk/Gen Agent Trust Hub

brightdata-sdk

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from various external websites, creating a potential surface for indirect prompt injection attacks.
  • Ingestion points: Web scraping results from Amazon, LinkedIn, YouTube, and other platforms, as well as arbitrary URLs via the scrape_url method.
  • Boundary markers: Absent. The instructions do not provide specific markers or guidance to separate scraped content from the agent's instructions.
  • Capability inventory: The skill includes network request capabilities and browser automation (CDP connection), allowing for follow-up actions based on scraped content.
  • Sanitization: Absent. There are no instructions for sanitizing or validating retrieved web content before the agent interprets it.
  • [COMMAND_EXECUTION]: The Browser API facilitates remote browser interaction via the Chrome DevTools Protocol (CDP), as detailed in references/advanced.md, allowing the agent to perform actions such as clicking, scrolling, and executing JavaScript within a remote browser session.
  • [EXTERNAL_DOWNLOADS]: The documentation references external automation frameworks including Playwright, Puppeteer, and Selenium, which are used to connect to the Bright Data Browser API for advanced web interactions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 11:14 AM