data-feeds
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is designed to ingest large amounts of untrusted data from over 40 external sources (LinkedIn, Amazon, TikTok, etc.).
- Ingestion points: Data enters the agent's context via the Bright Data API in `scripts/fetch.sh`, which returns scraped content from arbitrary URLs.
- Boundary markers: Absent. The skill provides no delimiters or system-level instructions to the agent to disregard instructions found within the scraped data.
- Capability inventory: While the skill itself only performs network GET/POST and JSON parsing, it is designed to be used by an agent that likely possesses broader capabilities (file access, further tool execution) that can be manipulated by the ingested content.
- Sanitization: None. The skill relies on external parsing but does not sanitize the text content (e.g., product reviews or profile bios) for embedded prompt injection patterns.
- [CREDENTIALS_UNSAFE] (LOW): The skill requires the `BRIGHTDATA_API_KEY` environment variable. While no secrets are hardcoded, the use of a persistent API key for a third-party service increases the impact if the agent's environment is compromised.
- [COMMAND_EXECUTION] (LOW): The skill uses a chain of bash scripts (`datasets.sh` calling `fetch.sh`). The scripts use `jq` to safely handle input arguments and construct JSON payloads, which mitigates traditional shell injection risks.
Recommendations
- AI detected serious security threats