firecrawl-crawl
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes `npx firecrawl` which downloads the Firecrawl CLI package from the public npm registry. This is a standard installation method for the vendor's official tooling.
- [COMMAND_EXECUTION]: The skill executes shell commands via `firecrawl` and `npx firecrawl` to perform crawling operations. This includes writing extracted data to the local filesystem using the `-o` or `--output` flags.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality.
  - Ingestion points: Untrusted data is ingested from external websites during the crawl process as described in SKILL.md.
  - Boundary markers: The skill does not provide instructions for the agent to use delimiters or ignore instructions embedded within the crawled content.
  - Capability inventory: The skill has the capability to perform network requests (crawling) and write files to the local system via Bash commands.
  - Sanitization: There is no evidence of sanitization or validation performed on the ingested web content before it is returned to the agent's context.
Audit Metadata