research-brightdata

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE

PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the web and processes it through an AI-powered extraction tool. Malicious instructions embedded in a scraped website could potentially manipulate the extraction logic or influence the agent's subsequent decisions.
      • Ingestion points: Untrusted data enters the agent's context through tools like scrape_as_markdown, scrape_batch, and scraping_browser_navigate as mentioned in SKILL.md and references/content-scraping.md.
      • Boundary markers: The skill lacks explicit instructions or delimiters that would help the agent distinguish between its own operational instructions and the potentially adversarial content found within scraped web pages.
      • Capability inventory: The skill utilizes several powerful tools including file system access via Read, Grep, and Glob, and extensive network capabilities via the Bright Data MCP server.
      • Sanitization: There are no documented procedures for sanitizing, filtering, or validating external content before it is processed by the language model for extraction or analysis.

Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 03:46 AM