firecrawl
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the npm registry. This is the official command-line interface for the Membrane platform and is expected for the skill's functionality. - [COMMAND_EXECUTION]: The skill provides instructions for running multiple CLI commands using the
membraneutility, includingmembrane login,membrane search,membrane connect, andmembrane action run. These commands are used to manage scraping workflows and execute actions. - [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it ingests untrusted data from external websites via web scraping.
- Evidence Chain for Indirect Injection:
- Ingestion points: Web page content extracted by Firecrawl (SKILL.md).
- Boundary markers: Absent; the skill does not specify delimiters or instructions for the agent to ignore potentially malicious content within scraped data.
- Capability inventory: The agent can execute shell commands through the Membrane CLI (
membrane action run,membrane request). - Sanitization: No explicit sanitization or validation of the scraped data is described in the provided instructions.
Audit Metadata