brightdata-cli
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the Bright Data CLI using standard methods, including
npm install -g @brightdata/cliand a shell script installation viacurl -fsSL https://cli.brightdata.com/install.sh | bash. - [REMOTE_CODE_EXECUTION]: The
bdata skill addcommand is documented as a mechanism to download and install additional AI agent skills directly into the user's environment. - [COMMAND_EXECUTION]: The skill facilitates the execution of local terminal commands using the
brightdataorbdataCLI to interact with external APIs for web scraping, SERP searches, and data pipeline management. - [PROMPT_INJECTION]: Because the skill is designed to ingest and process arbitrary web content (via the
scrape,search, andpipelinescommands), it presents a surface for indirect prompt injection. Malicious instructions embedded in scraped websites or search results could potentially influence the agent's behavior during data processing. - [DATA_EXFILTRATION]: The CLI manages authentication by storing credentials locally in
~/.config/brightdata-cli/credentials.jsonand supports the use of theBRIGHTDATA_API_KEYenvironment variable for non-interactive sessions. This is a standard practice for CLI-based authentication and configuration management.
Audit Metadata