firecrawl-download
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes bash commands using the `firecrawl` CLI to automate site mapping and scraping into local files. This is consistent with the skill's primary purpose.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx firecrawl`, which can download the vendor's official package from the npm registry. This is a standard and safe operation for accessing the author's tools.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external websites.
  - Ingestion points: Website content (markdown, links, etc.) fetched from user-provided URLs in `SKILL.md`.
  - Boundary markers: None identified in the instruction set to delimit external content or warn the agent about embedded instructions.
  - Capability inventory: The skill can write files to the local `.firecrawl/` directory and make network requests via the `firecrawl` tool.
  - Sanitization: No sanitization or validation of the downloaded web content is specified in the skill instructions.
Audit Metadata