brightdata-mcp

The server primarily acts as a wrapper around Bright Data's secure APIs, passing user-provided URLs and queries. It uses environment variables for sensitive API tokens and zone configurations, which is a good practice. Browser automation relies on ARIA refs, which are more robust and less prone to injection than arbitrary CSS selectors. The `extract` tool sends scraped markdown content along with an optional user prompt to an LLM for structured extraction. While the tool attempts to constrain the LLM's response to JSON, the injection of user-controlled `extraction_prompt` into the LLM's input is a potential vector for prompt injection for the LLM itself, though not a direct code execution vulnerability within the MCP server. No `eval` or blatant direct code injection patterns are observed. Overall, it delegates core web interaction security to Bright Data's infrastructure.