firecrawl-scrape
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured to execute the `firecrawl` CLI and `npx firecrawl` via Bash to perform web scraping. These operations are limited to the vendor's specific toolset.
- [EXTERNAL_DOWNLOADS]: Use of `npx firecrawl` involves downloading the Firecrawl package from the npm registry. As Firecrawl is the skill author, this is considered a trusted vendor resource.
- [PROMPT_INJECTION]: The skill processes untrusted content from external URLs, establishing a surface for indirect prompt injection.
  - Ingestion points: Data is ingested from user-provided URLs in SKILL.md.
  - Boundary markers: No explicit delimiters or boundary instructions are provided to the agent to isolate the scraped content from its instructions.
  - Capability inventory: The skill has the ability to execute Bash commands (limited to the firecrawl tool) and write output to the file system using the `-o` flag.
  - Sanitization: The tool converts HTML to markdown, which provides some structural filtering, but it does not implement specific sanitization to prevent the injection of malicious instructions within the markdown content.
Audit Metadata