firecrawl-scrape

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the firecrawl command-line interface via Bash to perform web scraping. It supports multiple flags for rendering JavaScript content, querying specific data, and saving output to the local filesystem.
  • [EXTERNAL_DOWNLOADS]: The skill suggests the use of npx firecrawl, which downloads the Firecrawl package from the npm registry. Since this originates from the skill's official vendor, it is considered a standard and safe deployment method.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting data from external websites.
      • Ingestion points: Content is retrieved from any user-provided or search-discovered URL via the firecrawl scrape command (SKILL.md).
      • Boundary markers: The instructions do not define specific delimiters or instructions for the agent to ignore potentially malicious commands embedded in the scraped markdown.
      • Capability inventory: The agent can execute the firecrawl command and write files to the .firecrawl/ directory (SKILL.md).
      • Sanitization: There is no evidence of content sanitization or filtering to prevent the injection of malicious instructions from the target web pages.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 11:00 PM