Skills
skills/developersdigest/test-agent-skill-fc-13/firecrawl/Gen Agent Trust Hub

firecrawl

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the firecrawl-cli package from npm, which is an unverified third-party source. Evidence: npm install -g firecrawl-cli@1.4.1 in rules/install.md.
  • REMOTE_CODE_EXECUTION (MEDIUM): The firecrawl browser tool allows the execution of arbitrary JavaScript via the eval command. Evidence: eval <js> is listed as a core browser command in SKILL.md.
  • PROMPT_INJECTION (LOW): The skill is designed to process untrusted third-party web content, creating a risk for indirect prompt injection. 1. Ingestion points: firecrawl search, scrape, crawl, and agent commands in SKILL.md. 2. Boundary markers: The skill mandates the use of file-based isolation using the -o flag in rules/security.md. 3. Capability inventory: The skill uses shell command execution and file writing. 4. Sanitization: The security rules recommend incremental reading using grep or head to limit exposure.
  • COMMAND_EXECUTION (LOW): The skill utilizes complex shell command patterns for parallel execution. Evidence: Use of xargs -P and sh -c for parallel scraping in SKILL.md.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 18, 2026, 09:00 PM