firecrawl-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The script scripts/convert_academic.py uses subprocess.run to call external binaries (pandoc, myst). Although it uses the safer list-based argument passing (avoiding shell=True), it still executes external system processes based on input paths provided to the script.
- [EXTERNAL_DOWNLOADS] (LOW): The script scripts/firecrawl_research.py communicates with the FireCrawl API (api.firecrawl.dev) to perform web searches and content scraping. This is the intended primary behavior of the skill.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from the web (scraped content) and writes it into markdown files without sanitization or boundary markers. This creates a surface where malicious instructions on a web page could influence the agent's behavior when it later reads the research notes.
  - Ingestion points: scripts/firecrawl_research.py (via FireCrawl API search results)
  - Boundary markers: Absent; the script writes raw markdown content retrieved from the API into local files.
  - Capability inventory: Includes subprocess execution of document converters and file write operations.
  - Sanitization: Absent; the script truncates content length for readability but does not filter for prompt injection patterns.
Audit Metadata