firecrawl-scrape
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill employs the Bash tool to execute 'firecrawl' and 'npx firecrawl' commands for scraping web content and writing files to the '.firecrawl/' directory.
- [EXTERNAL_DOWNLOADS]: The command 'npx firecrawl' may download the Firecrawl package from the NPM registry if it is not already present; this is standard behavior for this vendor-provided utility.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting content from arbitrary external URLs.
  - Ingestion points: Content fetched from user-provided URLs in SKILL.md examples.
  - Boundary markers: No delimiters are specified for the scraped content.
  - Capability inventory: Access to the Bash tool and file system writing.
  - Sanitization: The tool converts HTML to markdown but does not explicitly filter for embedded agent instructions.