firecrawl
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of the
firecrawl-clipackage from the npm registry. - Evidence: Found in
rules/install.md:npm install -g firecrawl-cli@1.4.1. - Note: While the author is not on the predefined trusted list, the package is a versioned release from a standard public registry.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection because it retrieves and processes untrusted data from the internet.
- Ingestion points:
SKILL.md(viasearch,scrape,crawl, andagentcommands). - Boundary markers: Present.
rules/security.mdmandates using the-oflag to write output to local files in the.firecrawl/directory rather than injecting raw content directly into the prompt context. - Capability inventory: The skill allows shell execution of the
firecrawlCLI and utilizes theagentcommand for autonomous extraction (SKILL.md). - Sanitization: Present.
rules/security.mdinstructs the agent to use URL quoting in shell commands and perform incremental reads (e.g.,head,grep) to limit the amount of untrusted content loaded into the LLM context window at once.
Audit Metadata