firecrawl-interact

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run firecrawl and npx firecrawl commands. It also includes an --interact --code flag that executes scripts in Bash, Python, or Node.js to control browser sessions.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx firecrawl, which downloads the firecrawl package from the NPM registry, a well-known and trusted service.
  • [REMOTE_CODE_EXECUTION]: The --code parameter allows for the execution of dynamic scripts within a browser environment as a primary feature of the interaction tool.
  • [DATA_EXFILTRATION]: The skill can access and persist sensitive browser state (cookies, storage) through the --profile flag and can save extracted data to local files using the --output option.
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected.
      1. Ingestion points: Scraped web pages from firecrawl scrape.
      2. Boundary markers: Absent in the instructions.
      3. Capability inventory: Execution of shell commands and scripts via firecrawl interact --code.
      4. Sanitization: No evidence of content sanitization before influencing browser actions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 05:33 PM