firecrawl-scraper
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The installation command `npx skills add -g BenedictKing/firecrawl-scraper` references a GitHub repository that is not on the trusted sources list. Installing code from unverified third-party authors poses a risk of executing malicious logic during the setup or execution phase.
- [PROMPT_INJECTION] (LOW): This skill is vulnerable to indirect prompt injection (Category 8) because its primary purpose is to ingest data from external, attacker-controllable web sources.
  - Ingestion points: Web pages (scraping/crawling) and PDF files via the Firecrawl API.
  - Boundary markers: No specific delimiters or 'ignore' instructions are provided in the skill documentation to prevent the agent from obeying instructions found within scraped content.
  - Capability inventory: Deep content extraction, page interaction, and PDF parsing.
  - Sanitization: There is no evidence of sanitization, escaping, or filtering of the content retrieved from the web before it is passed to the agent's context.
Audit Metadata