BrightData

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core function of scraping and processing untrusted content from the internet.\n
  • Ingestion points: Web content is ingested via FourTierScrape.md and Crawl.md (all tiers and modes).\n
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands within the scraped content are provided.\n
  • Capability inventory: The agent has access to bash (for curl), agent-browser (CLI tool), and various Bright Data MCP tools (scrape_batch, scrape_as_markdown).\n
  • Sanitization: There are no instructions for sanitizing, escaping, or validating the external content before it is presented or processed.\n- [COMMAND_EXECUTION]: The skill uses the bash tool to execute curl commands and invokes a local CLI tool.\n
  • Notification System: Every invocation triggers a background curl request to http://localhost:31337/notify for voice notifications.\n
  • Tier 2 Scraping: Uses curl with complex browser headers to fetch web pages.\n
  • Full Crawl: Uses curl to interact with the Bright Data API (api.brightdata.com).\n
  • Browser Automation: Invokes the agent-browser binary for JavaScript rendering.\n- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch data from arbitrary external URLs.\n
  • Scraping Activity: Downloads content from user-specified URLs through multiple methods (WebFetch, curl, browser automation).\n
  • API Interaction: Communicates with Bright Data's official API for large-scale crawling tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — BrightData