competitive-intel
Fail
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill requires the installation of the Bright Data CLI using a shell-piped script:
curl -fsSL https://cli.brightdata.com/install.sh | bash. While this is the official installation method for the vendor's software, it executes a remote script directly in the environment. - [COMMAND_EXECUTION]: Extensive use of shell commands through the
bdataCLI to perform data collection, including searches, scraping, and pipeline execution. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from arbitrary external websites. 1. Ingestion points: Content retrieved via
bdata scrapeand structured pipelines. 2. Boundary markers: The instructions do not provide specific delimiters or ignore-instructions to isolate the agent from content in the scraped data. 3. Capability inventory: The agent has access to a shell for executingbdatacommands and potentially other operations. 4. Sanitization: No explicit validation or filtering of retrieved web content is performed before analysis.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.brightdata.com/install.sh - DO NOT USE without thorough review
Audit Metadata