Skills
skills/developersdigest/test-agent-skill-fc-6/firecrawl/Gen Agent Trust Hub

firecrawl

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires installation of firecrawl-cli@1.4.1 from npm (rules/install.md), which is an external dependency from a source not on the pre-approved trusted list.
  • [PROMPT_INJECTION] (LOW): High surface area for Indirect Prompt Injection (Category 8) due to its core function of scraping untrusted web data.
  • Ingestion points: Untrusted data enters the agent context via scrape, search, crawl, and agent commands defined in SKILL.md.
  • Boundary markers: The skill documentation (SKILL.md) explicitly instructs the agent to isolate content using the -o flag to write output to a .firecrawl/ directory, preventing direct injection into the instruction prompt.
  • Capability inventory: The skill utilizes shell execution for CLI operations and network access for web data retrieval.
  • Sanitization: The documentation recommends using incremental reading tools like grep and head to minimize exposure to potentially malicious instructions in scraped content.
  • [COMMAND_EXECUTION] (SAFE): Commands are well-defined and include safety advice to quote URLs to prevent command injection.
  • [CREDENTIALS_UNSAFE] (SAFE): Authentication instructions in rules/install.md use placeholders for API keys and standard OAuth flows.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 18, 2026, 07:17 PM