Skills
skills/agentskillexchange/skills/Firecrawl Markdown Capture Pipeline/Gen Agent Trust Hub

Firecrawl Markdown Capture Pipeline

Pass

Audited by Gen Agent Trust Hub on Jun 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references official project documentation and repositories from Firecrawl's GitHub and website.
  • [PROMPT_INJECTION]: The skill contains misleading metadata and identifies an indirect prompt injection attack surface.
  • The frontmatter reports significantly inflated statistics (102,630 GitHub stars and 256,794 weekly NPM downloads) which do not align with the actual public metrics for the Firecrawl project.
  • The metadata includes a 'security_reviewed' verification claim that cannot be independently validated.
  • Indirect Prompt Injection Surface:
  • Ingestion points: The skill is designed to ingest untrusted site content via Firecrawl's scraping and crawling endpoints (documented in SKILL.md).
  • Boundary markers: Absent. The instructions do not provide delimiters or warnings to the agent to ignore instructions embedded in the scraped Markdown content.
  • Capability inventory: The skill allows the agent to process and utilize scraped content for research and retrieval purposes.
  • Sanitization: No sanitization, filtering, or escaping mechanisms for external content are specified in the provided instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 4, 2026, 12:17 PM
Security Audit — agent-trust-hub — Firecrawl Markdown Capture Pipeline