firecrawl-instruct
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `npx firecrawl` to download and run the Firecrawl CLI from the public npm registry.
- [COMMAND_EXECUTION]: Instructs users on how to execute browser automation tasks and arbitrary code snippets in Python, Node.js, or Bash via the `firecrawl interact --code` command for precise page control.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection because it processes data from untrusted external web pages that could contain instructions designed to manipulate the browser session.
  - Ingestion points: Arbitrary URLs provided to the `firecrawl scrape` command in `SKILL.md`.
  - Boundary markers: None identified in the instructional prompts.
  - Capability inventory: Capabilities include clicking elements, filling forms, and executing code via the `firecrawl interact` command in `SKILL.md`.
  - Sanitization: No explicit sanitization or filtering of the scraped web content is mentioned in the instructions.
Audit Metadata