skills/jeremylongshore/claude-code-plugins-plus-skills/firecrawl-core-workflow-a/Gen Agent Trust Hub
firecrawl-core-workflow-a
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of content from external websites via the FireCrawl API, which introduces a potential surface for indirect prompt injection.
  - Ingestion points: Data retrieved from the FireCrawl API as described in the Output section of SKILL.md.
  - Boundary markers: The skill does not include specific boundary markers or instructions to the agent to ignore instructions embedded in the retrieved content.
  - Capability inventory: The skill allows use of the Write, Edit, and Bash(npm:*) tools, which could be leveraged if an indirect injection is successful.
  - Sanitization: No specific data validation or sanitization routines are mentioned for the external data.
- [COMMAND_EXECUTION]: The skill requests permission to use the Bash tool with npm capabilities (Bash(npm:*)) in its metadata. Although no specific shell commands are provided in the file, this permission allows the agent to install and execute arbitrary Node.js packages.
Audit Metadata