firecrawl
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The Bash script scripts/firecrawl.sh orchestrates API calls and data processing using standard tools like curl and jq.
- [EXTERNAL_DOWNLOADS]: The skill fetches content from the internet via api.firecrawl.dev, the official endpoint for Firecrawl, which is a recognized service provider for web scraping.
- [PROMPT_INJECTION]: The skill has an attack surface for Indirect Prompt Injection because it processes untrusted data from external websites.
  - Ingestion points: Data enters the agent's context through the scrape, crawl, and search functions defined in scripts/firecrawl.sh.
  - Boundary markers: The script does not implement specific delimiters or instructions to ignore potential commands embedded in the scraped text.
  - Capability inventory: The script has the ability to make network requests (curl) and retrieve secrets from the user's password manager (pass).
  - Sanitization: The output is structured using jq, but the textual content extracted from the web is not sanitized for malicious instructions.
Audit Metadata