Skills
skills/developersdigest/test-agent-skill-fc-12/firecrawl/Gen Agent Trust Hub

firecrawl

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies] (LOW): The skill installs the firecrawl-cli package via npm. Although the source is not on the predefined trusted list, the installation is restricted to a specific version (1.4.1) and is central to the skill's primary purpose.
  • [Command Execution] (LOW): The skill utilizes shell commands to execute Firecrawl operations. It includes mitigations such as mandatory URL quoting to prevent shell injection.
  • [Prompt Injection] (LOW): As a web-scraping tool, the skill is exposed to indirect prompt injection from untrusted web content. Ingestion points: Web data fetched via scrape, search, crawl, and agent commands. Boundary markers: Commands use -o to isolate results in a .firecrawl/ directory; guidance instructs the agent to use incremental reading (e.g., head, grep) instead of full file ingestion. Capability inventory: Shell command execution, network requests via the CLI binary, and local file system writes. Sanitization: rules/security.md explicitly directs the agent to treat fetched content as untrusted data and ignore any embedded instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 18, 2026, 08:46 PM