Firecrawl Web Data API for AI Agents

Pass

Audited by Gen Agent Trust Hub on Jun 4, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: References the official 'firecrawl' NPM package and fetches documentation from the Firecrawl GitHub repository. These sources are considered legitimate for the provided functionality.
  • [PROMPT_INJECTION]: The skill's primary function is scraping web content, which exposes the agent to indirect prompt injection from untrusted external data.
    1. Ingestion points: Web pages and search results processed via the Firecrawl API.
    2. Boundary markers: None specified in the documentation.
    3. Capability inventory: Extraction of markdown and structured JSON for research and retrieval workflows.
    4. Sanitization: No sanitization or filtering logic is defined within the skill itself.
  • [SAFE]: The skill metadata includes an unverified 'security_reviewed' status and exaggerated popularity metrics. While these are identified as deceptive data points, they do not introduce executable vulnerabilities or functional hazards.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 4, 2026, 12:17 PM