firecrawl-debug-bundle
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
Finding categories: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Data Exposure & Exfiltration (MEDIUM): The skill accesses sensitive files including .env and npm logs (~/.npm/_logs/*.log). While the script attempts to redact values in .env using sed, this method may not be comprehensive for all configuration formats. The severity is adjusted to MEDIUM as this access is necessary for the skill's primary purpose of creating a debug bundle. It also makes a network request to api.firecrawl.com, which is not a whitelisted trusted source.
- Indirect Prompt Injection (LOW): The skill exposes a surface for indirect prompt injection by ingesting untrusted data from system logs and configuration files. Evidence: Ingestion points include ~/.npm/_logs/*.log and .env. Boundary markers: Absent. Capability inventory: Bash(grep, curl, tar), Read. Sanitization: Basic redaction of .env values is performed, but log content is only filtered by keyword.
- Command Execution (SAFE): The script utilizes standard diagnostic tools such as grep, curl, and tar, which are appropriately declared in the metadata for troubleshooting purposes.
Audit Metadata