bright-data-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and scrape open/public third‑party content (e.g., scrape_as_markdown, search_engine, and many web_data_* tools for LinkedIn/Instagram/YouTube/Reddit shown in references/mcp-tools.md) and to read and act on that content (research and browser automation workflows that summarize or interact based on scraped pages), which exposes the agent to untrusted user‑generated content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires connecting to the Bright Data MCP server at https://mcp.brightdata.com/mcp?token=<YOUR_BRIGHTDATA_API_TOKEN>, which is called at runtime and performs remote scraping/browser-automation (i.e., executes remote code and supplies results that directly drive the agent's actions), so it is a required runtime external dependency that can execute code affecting the agent.