firecrawl-experimental
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires permission to execute firecrawl and npx firecrawl commands through the Bash tool to facilitate site mapping and data downloading.
- [EXTERNAL_DOWNLOADS]: The skill fetches the firecrawl utility from the NPM registry and downloads data from external websites to the local filesystem.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8). Ingestion point: Web content downloaded via firecrawl download (firecrawl-download/SKILL.md). Boundary markers: Absent. Capability inventory: Bash execution of firecrawl tools (SKILL.md, firecrawl-download/SKILL.md). Sanitization: Absent. The agent may be exposed to malicious instructions hidden in downloaded web pages.
Audit Metadata