The Agent Skills Directory

EXTERNAL_DOWNLOADS (LOW): The skill documentation recommends installation via npx @brightdata/mcp. This involves downloading and executing code from the public npm registry, which is a non-whitelisted external source for this analyzer. This finding is lowered from MEDIUM to LOW as it is the primary method for using the skill.\n- COMMAND_EXECUTION (LOW): The skill exposes browser automation tools such as scraping_browser_click_ref and scraping_browser_type_ref. While these are core features, they represent high-capability tools that could be abused if the agent is manipulated by web content.\n- PROMPT_INJECTION (LOW): The skill is a major surface for Indirect Prompt Injection (Category 8) due to its nature of ingesting arbitrary web data.\n
Ingestion points: Content is retrieved from any user-provided URL through tools like scrape_as_markdown and search_engine.\n
Boundary markers: The documentation contains a specific security section advising that scraped content should be treated as untrusted data.\n
Capability inventory: The skill allows for automated browser navigation, clicking, typing, and parallel web searches.\n
Sanitization: The author recommends using structured extraction (extract tool) to mitigate risk, though this does not fully eliminate the threat of malicious instructions in the scraped content.

brightdata-web-mcp