firecrawl-scraper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- External Downloads (LOW): The skill relies on the external SDKs `firecrawl-py` and `@mendable/firecrawl-js`. While these are legitimate tools for the Firecrawl service, they are not hosted by the explicitly trusted organizations listed in the analyzer configuration.
- Indirect Prompt Injection (LOW): The skill ingests data from external websites, which creates a surface for indirect prompt injection.
  1. Ingestion points: External data enters via the `/scrape` and `/crawl` methods in the Python and TypeScript templates (e.g., `firecrawl-scrape-python.py` and `firecrawl-worker-fetch.ts`).
  2. Boundary markers: The templates do not include specific delimiters or 'ignore' instructions to encapsulate scraped content, which may allow embedded malicious instructions to influence agent behavior.
  3. Capability inventory: The skill includes templates that write data to the local file system (e.g., `open().write()` in `firecrawl-crawl-example.py`).
  4. Sanitization: There is no evidence of sanitization or filtering of the retrieved web content before it is processed or stored.
Audit Metadata