firecrawl

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of the firecrawl-cli package from npm. This package and its maintainers are not included in the Trusted External Sources list.
  • [COMMAND_EXECUTION] (MEDIUM): The firecrawl browser command allows for the execution of arbitrary scripts using the --python, --node, and --bash flags. While the documentation states these run in a 'remote sandboxed cloud environment', this still grants the agent the capability to generate and execute code based on potentially untrusted instructions.
  • [PROMPT_INJECTION] (LOW): The skill is a major surface for Indirect Prompt Injection (Category 8) as its primary purpose is to ingest third-party web content.
    • Ingestion points: SKILL.md (via the scrape, search, crawl, and map commands which fetch external web data).
    • Boundary markers: Present. The skill mandates writing output to the .firecrawl/ directory using the -o flag and suggests using grep or head to avoid reading entire malicious payloads into the agent context.
    • Capability inventory: Execution of firecrawl CLI, npm for installation, and file manipulation utilities (grep, head, wc).
    • Sanitization: The skill explicitly instructs the agent to quote URLs to prevent shell command injection.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 18, 2026, 07:08 PM