firecrawl

Warn

Audited by Snyk on Feb 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary public web content (e.g., SKILL.md commands such as firecrawl scrape "<url>", firecrawl crawl "<url>", firecrawl search "...", and firecrawl browser "open <url>"), and its "firecrawl agent" LLM-extraction mode processes that untrusted third-party content (see SKILL.md and rules/security.md). Webpage content can therefore carry instructions that materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches arbitrary user-specified URLs at runtime (e.g., the argument passed to "firecrawl scrape" and to "firecrawl agent --urls"), and the fetched pages are ingested by the agent workflow, so remote content can directly influence prompts and instructions. This meets the criteria for a runtime external dependency that can control agent behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 08:44 PM