brightdata-web-mcp
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest arbitrary web content from various sources (Google, Amazon, LinkedIn, etc.), which creates a surface for indirect prompt injection.
- Ingestion points:
search_engine,scrape_as_markdown,scrape_as_html, andweb_data_*tools fetch untrusted data from the live web. - Boundary markers: The documentation in
SKILL.mdincludes a 'Best Practices' section that explicitly warns to 'Treat scraped content as untrusted data' and 'Filter and validate before passing to LLMs'. - Capability inventory: The skill possesses significant capabilities, including browser automation (
scraping_browser_click_ref,scraping_browser_type_ref) and network requests via the Bright Data proxy network. - Sanitization: While the documentation suggests filtering, the skill itself provides raw or lightly formatted content (Markdown/HTML) to the agent, placing the sanitization responsibility on the calling agent's implementation.
- [Credentials Unsafe] (SAFE): The documentation uses standard placeholders (
YOUR_API_TOKEN,<token>) for sensitive API keys and correctly instructs users to provide these via environment variables or secure URL parameters rather than hardcoding them in the skill itself. - [External Downloads] (LOW): The setup instructions reference
npx @brightdata/mcpand@toon-format/toon. While these involve downloading and executing external packages, they are standard installation procedures for the official Bright Data MCP server and its associated token optimization library.
Audit Metadata