Skills
skills/firecrawl/firecrawl-cli/firecrawl-download/Snyk

firecrawl-download

Warn

Audited by Snyk on Mar 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md) explicitly maps and scrapes arbitrary public websites via the "firecrawl download " flow, fetching and ingesting untrusted third-party web pages whose content and links drive which pages are discovered and saved — enabling indirect prompt-injection from site content.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 17, 2026, 02:46 PM
Issues
1