scraper-studio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Outsider free text can enter the LLM context via Bright Data’s AI Flow during bdata scraper create, which sends the user-provided <url> to Bright Data and has the model read the fetched page content (public web content scraped at runtime) to generate the scraper template.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill makes runtime calls to Bright Data's API (e.g. https://api.brightdata.com) to trigger Bright Data's AI Flow and to run remote scrapers, which executes remote code/AI generation and is a required external dependency for the skill.