firecrawl
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires the installation of the firecrawl-cli@1.4.1 package from the npm registry as described in rules/install.md. While the version is pinned, this is an external dependency from a non-pre-approved source.
- COMMAND_EXECUTION (LOW): The core functionality of the skill relies on executing shell commands (e.g., firecrawl search, firecrawl scrape). The agent must have permission to execute these commands to function.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from the web (scraping, searching, and crawling) and returns it as markdown for the LLM to process.
  - Ingestion points: Scrape, search, and crawl commands in SKILL.md ingest external web content.
  - Boundary markers: Absent. The instructions do not specify how the agent should distinguish between its instructions and the content returned by the tool.
  - Capability inventory: The skill allows for file writing (-o flag), browser automation (firecrawl browser), and autonomous data extraction (firecrawl agent).
  - Sanitization: No explicit sanitization of the scraped markdown content is mentioned in the provided files.
Audit Metadata