firecrawl
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the firecrawl-cli package from the official NPM registry. This is a well-known tool for web content extraction.
- [COMMAND_EXECUTION]: Utilizes the Bash tool to run firecrawl subcommands and npx, facilitating web search, scraping, and browser interactions.
- [PROMPT_INJECTION]: The skill proactively addresses indirect prompt injection risks by advising isolation of web data in a local directory and using incremental reading techniques to minimize exposure to malicious instructions embedded in scraped pages.
Audit Metadata