scrape-docs
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes content from user-provided URLs.\n
- Ingestion points: External data is ingested via a target URL passed as an argument and processed by the Firecrawl MCP tool (SKILL.md).\n
- Boundary markers: The skill does not use delimiters or specific instructions to isolate the scraped content, making it possible for the agent to follow instructions embedded in the external documentation.\n
- Capability inventory: The skill uses the Firecrawl MCP to fetch data from the web; the security of the operation depends on the downstream agent's handling of the summarized output.\n
- Sanitization: No sanitization or filtering of the retrieved web content is mentioned or implemented in the strategy.
Audit Metadata