Skills
skills/firecrawl/firecrawl-cli/firecrawl-instruct/Gen Agent Trust Hub

firecrawl-instruct

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes firecrawl and npx firecrawl through the Bash tool to perform browser automation tasks, including scraping, clicking elements, and filling forms in a live session.
  • [EXTERNAL_DOWNLOADS]: The use of npx firecrawl involves fetching the firecrawl package from the official NPM registry. This is a standard distribution method for the author's tooling.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it interacts with and processes untrusted data from arbitrary web pages.
  • Ingestion points: External web content is ingested into the agent context via the firecrawl scrape command.
  • Boundary markers: The skill lacks explicit instructions for the agent to distinguish between its own objectives and potentially malicious instructions embedded in the scraped HTML or JavaScript.
  • Capability inventory: The skill possesses capabilities for network interaction, browser state persistence (via profiles), and data extraction.
  • Sanitization: No specific sanitization or filtering of the external page content is defined before the agent performs interactions based on that content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 07:46 AM