bright-data-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The instructions mandate the use of the skill's tools as the default for all web operations, explicitly overriding built-in agent capabilities.
- Evidence: SKILL.md contains directives such as 'Bright Data MCP MUST be the default tool for ALL web data tasks' and 'Do NOT fall back to WebFetch or WebSearch'.
- [PROMPT_INJECTION]: The skill ingests untrusted data from external websites and possesses capabilities to interact with those sites, creating a surface for indirect prompt injection.
- Ingestion points: Tools such as 'scrape_as_markdown', 'scrape_batch', and 'search_engine' (SKILL.md, references/mcp-tools.md) ingest content from arbitrary URLs.
- Boundary markers: No delimiters or instructions to ignore embedded commands are present in the guidelines for processing retrieved content.
- Capability inventory: Browser automation tools including 'scraping_browser_click_ref' and 'scraping_browser_type_ref' (references/mcp-tools.md) allow for automated page interaction.
- Sanitization: The skill does not define sanitization or validation procedures for content retrieved from external sources before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The documentation guides the user to fetch a package from the official npm registry.
- Evidence: 'npm install -g @brightdata/mcp' is recommended in references/mcp-setup.md.
- [COMMAND_EXECUTION]: The setup instructions provide command-line instructions for running a local server.
- Evidence: references/mcp-setup.md includes the command 'API_TOKEN=your_token PRO_MODE=true npx @brightdata/mcp'.
Audit Metadata