firecrawl-scraper

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill ingests data from external URLs, which creates a potential vector for indirect prompt injection where malicious instructions on a webpage could influence the agent. Evidence: (1) Ingestion points: app.scrape_url, app.crawl_url, and app.extract in README.md. (2) Boundary markers: None identified in code snippets. (3) Capability inventory: Network requests to scrape and crawl external websites. (4) Sanitization: No explicit sanitization of scraped content demonstrated.
  • [External Downloads] (SAFE): The skill documentation recommends installing official SDKs (firecrawl-py, @mendable/firecrawl-js) via standard package managers. These are recognized libraries for the service and do not represent a security risk.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:55 PM