firecrawl-scraper
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is installed using the command npx skills add -g BenedictKing/firecrawl-scraper, which downloads code from an external GitHub repository not associated with a trusted vendor or the skill author (claudiodearaujo). This leads to the installation and potential execution of unverifiable code from an unknown source.
- [PROMPT_INJECTION]: The skill's primary function involves scraping web content and parsing PDFs, creating a surface for indirect prompt injection where malicious instructions embedded in external web pages could manipulate the AI agent's behavior.
  - Ingestion points: Web content, screenshots, and PDF documents retrieved via the Firecrawl API (SKILL.md).
  - Boundary markers: The skill does not specify any delimiters or instructions for the agent to ignore commands within the scraped data.
  - Capability inventory: High-privilege capabilities including web scraping, interaction (clicking/scrolling), and file parsing.
  - Sanitization: No sanitization, filtering, or validation of the retrieved web content is mentioned in the skill definition.