firecrawl
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill retrieves and processes arbitrary content from the web, which creates an attack surface for indirect prompt injection attacks where malicious data can influence the agent's behavior.
  - Ingestion points: The `scrape`, `crawl`, and `search` functions in `scripts/firecrawl.sh` fetch external web content and pipe it to standard output.
  - Boundary markers: Absent. The skill does not implement delimiters or warnings to separate external data from system instructions.
  - Capability inventory: The skill possesses the ability to execute shell commands (`Bash`), perform network requests (`curl`), and read credentials via `pass`.
  - Sanitization: Absent. The content retrieved from external URLs is returned directly to the agent context without sanitization or filtering.
- [EXTERNAL_DOWNLOADS]: The script performs network operations targeting `api.firecrawl.dev`. This is recognized as a well-known service for automated web data extraction.
Audit Metadata