firecrawl-scraper
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, NO_CODE
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill relies on executing a local Node.js script (firecrawl-api.cjs) via the Bash tool. Because this file's content is not provided, the actual operations performed on the local system cannot be verified, posing a risk of undocumented behavior or vulnerabilities.
- INDIRECT_PROMPT_INJECTION (LOW): This skill is vulnerable to instructions hidden within scraped web pages.
  - Ingestion points: Data enters the system via the url parameter used in scrape, crawl, and map functions.
  - Boundary markers: Absent. There are no instructions or delimiters defined to help the agent distinguish between the scraped data and its own system instructions.
  - Capability inventory: The skill has access to powerful tools including Bash, Write, and Task, which could be exploited if the agent follows malicious instructions found on a scraped website.
  - Sanitization: Absent. The content retrieved from the web is passed directly into the agent's context as markdown or HTML without filtering or escaping.
Audit Metadata