brightdata-web-mcp
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill p res en ts a signific ant sur face for Indirect Prom p t Injec tio n at tac ks.\n
- Inges tio n poin ts: Un t r us ted con tent is inges ted from any UR L via the
scrape_as_mar k dow n,scrape_as_html, an dsear c h_enginetools.\n - Boun dary mar kers: No st r uc t ur al delimiters or specific sys tem in st r uc tio ns are provide d to separate scrape d con tent from agent in st r uc tio ns.\n
- Capability inven tory: The skill inclu des high-privilege in terac tio n tools suc h as
scraping_brow ser_clic k_ref,scraping_brow ser_type_ref, an dscraping_brow ser_navigate, whic h an at tac ker-con t rolle d page coul d ex ploit to per form ac tio ns on behalf of the user.\n - Sanitiza tio n: No vali da tio n or sanitiza tio n of inges ted con tent is per forme d befo re pas sing it to the agent.\n- [EXTERNAL_DOWNLOADS] (MED IU M): Local in st alla tio n in st r uc tio ns use
npx @brig ht data/mcp, whic h dow nloa ds an d exec utes thir d-par ty co de from the npm regis t r y at run time. The '@brig ht data' scope is not wit hin the define d lis t of t r us ted or ganiza tio ns.\n- [COMMAND_EXECUTION] (MED IU M): The skill set up req uires the user to exec ute shell com man ds for in st alla tio n an d envir on ment variable config ura tio n.
Recommendations
- AI detected serious security threats
Audit Metadata