firecrawl
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill installs the
firecrawl-clipackage via npm using a pinned version (1.4.1) inrules/install.md. This is a standard and acceptable practice for CLI-based skills.\n- Privilege Escalation (SAFE): The installation instructions inrules/install.mdexplicitly recommend against usingsudo. It provides a safer alternative by configuring a local npm global directory (~/.npm-global), demonstrating good security hygiene.\n- Indirect Prompt Injection (SAFE): The skill correctly identifies that web content fetched via scraping is untrusted.rules/security.mdprovides mandatory guidance for the agent, including file-based isolation in a.firecrawl/directory and incremental reading (usinggreporhead) to minimize exposure to potentially malicious instructions embedded in web pages.\n- Data Exposure & Exfiltration (SAFE): No evidence of credential exfiltration or access to sensitive local files was found. The tool naturally communicates with its own service (firecrawl.dev) for its core functionality as a web scraper.
Audit Metadata