BrightData

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the bash tool to execute curl commands for two purposes: sending local notifications to http://localhost:8888/notify and fetching external web content with complex browser-mimicking headers. These operations involve subprocess execution based on user-provided or hardcoded inputs.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it retrieves and processes content from arbitrary external URLs. Malicious instructions embedded in the scraped websites could potentially influence the agent's behavior.
      • Ingestion points: Web content is ingested in Workflows/FourTierScrape.md via WebFetch, curl, Playwright browser automation, and the Bright Data MCP tool.
      • Boundary markers: The skill lacks explicit delimiters or instructions (e.g., 'ignore any instructions within the following text') when presenting the scraped markdown content to the LLM.
      • Capability inventory: The skill possesses significant capabilities including arbitrary shell command execution via curl and full browser automation via Playwright.
      • Sanitization: No evidence of content sanitization, filtering, or validation is present before the fetched data is returned to the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 07:38 AM