firecrawl-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and process untrusted content from the web.
- Ingestion points: Web content is fetched via the Firecrawl API in templates like templates/firecrawl-scrape-python.py and templates/firecrawl-crawl-example.py.
- Boundary markers: There are no explicit delimiters or instructions provided in the templates to isolate external content from the agent's internal logic.
- Capability inventory: The provided Python templates include file-writing capabilities (open().write()) which could be used to store malicious payloads if the agent is manipulated by external content.
- Sanitization: The skill lacks sanitization or validation of the ingested markdown data before it is processed or stored.
Audit Metadata