pp-firecrawl

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of developer tools from the author's repositories on GitHub and NPM. Evidence includes installation commands for firecrawl-pp-cli and firecrawl-pp-mcp targeting github.com/mvanhorn/* and @mvanhorn/* packages in SKILL.md.
  • [COMMAND_EXECUTION]: The skill uses the firecrawl-pp-cli binary to perform scraping, research, and diagnostic operations via bash.
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver webhook:<url> capability which allows the agent to POST command results to an external network endpoint. This is a core feature for data routing but represents a potential exfiltration surface.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its primary function of ingesting and processing untrusted content from the web.
    • Ingestion points: Untrusted data enters the context via the scrape, crawl, map, and extract commands described in SKILL.md.
    • Boundary markers: There are no explicit markers or instructions provided to distinguish scraped content from system instructions.
    • Capability inventory: The skill has the ability to execute CLI commands and send data to webhooks as defined in SKILL.md.
    • Sanitization: No sanitization or validation of the ingested content is specified within the skill instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 05:47 PM