bright-data

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Employs the curl utility to interact with Bright Data API endpoints for data collection and account management. This is the expected and documented method for using the service.
  • [DATA_EXFILTRATION]: Network activity is directed exclusively to api.brightdata.com, a well-known service domain. No unauthorized exfiltration of sensitive local data was identified.
  • [CREDENTIALS_UNSAFE]: The skill correctly instructs users to manage their API key via an environment variable (BRIGHTDATA_TOKEN) rather than hardcoding it, which aligns with security best practices.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes data from external social media platforms.
      • Ingestion points: Data is retrieved from Twitter, Reddit, YouTube, Instagram, TikTok, and LinkedIn via the Bright Data API as described in SKILL.md.
      • Boundary markers: The skill does not define specific delimiters or instructions to treat scraped content as untrusted data.
      • Capability inventory: Includes network requests via curl and the ability to write JSON payloads to /tmp/brightdata_request.json.
      • Sanitization: No automated sanitization or validation of the retrieved external content is specified in the skill instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 04:43 PM