firecrawl
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Troubleshooting instructions suggest using sudo for the installation of the Firecrawl CLI, which involves acquiring elevated system privileges.
- [DATA_EXFILTRATION]: The skill provides procedures for persisting the FIRECRAWL_API_KEY in shell configuration files like ~/.bashrc or ~/.zshrc, involving the handling and storage of sensitive authentication credentials.
- [COMMAND_EXECUTION]: An 'Expert Pattern' for parallel scraping uses sh -c within xargs to interpolate input variables directly into shell commands. This creates a potential command injection vulnerability if the inputs (e.g., URLs) are not strictly sanitized.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion points: web content enters the context via firecrawl scrape and firecrawl search (SKILL.md). Boundary markers: none identified for delimiting scraped content. Capability inventory: shell command execution, file system access, and network operations (SKILL.md). Sanitization: no evidence of content sanitization before processing.
- [EXTERNAL_DOWNLOADS]: The skill depends on the installation of the firecrawl-cli package from the npm registry.
Audit Metadata