firecrawl-scraping
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted external content from the web.
- Ingestion points: Web content is retrieved via
scripts/firecrawl_scrape.pyfrom user-supplied URLs. - Boundary markers: No specific delimiters or instructions are used to separate the scraped markdown content from agent instructions in the final output.
- Capability inventory: The skill allows for local file writing via the
--outputflag infirecrawl_scrape.py. - Sanitization: No sanitization or filtering of the scraped content is performed locally; the skill relies entirely on the Firecrawl API's conversion to markdown.
Audit Metadata