firecrawl-scraper

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses the @mendable/firecrawl-js package, the official library for Firecrawl, a well-known service for AI-powered web scraping. References to this service are documented as a safe vendor integration.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes content from external real estate listing URLs. While this represents a data ingestion surface, the risk is mitigated by the implementation of a strict structured schema (PropertySchema) and the use of the Firecrawl extraction service.
      • Ingestion points: Website content from listingUrl passed to firecrawl.extract in SKILL.md.
      • Boundary markers: None explicitly defined in the extraction prompt, though the prompt is highly constrained to specific fields.
      • Capability inventory: The skill utilizes Bash, Read, Grep, and Glob tools.
      • Sanitization: The skill employs PropertySchema.safeParse in rules/property-extraction.md to validate and sanitize the extracted JSON data before use.
  • [CREDENTIALS_UNSAFE]: The skill correctly avoids hardcoding secrets, instead accessing the FIRECRAWL_API_KEY via process.env as shown in the integration examples in SKILL.md.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 24, 2026, 12:31 PM