firecrawl-scraper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external websites via the Firecrawl API, which is a known vector for indirect prompt injection attacks. 1. Ingestion points: Content is retrieved from external URLs using the /scrape, /crawl, and /extract endpoints (Step 5). 2. Boundary markers: The workflow uses Markdown structure for results (Step 8) but lacks explicit 'ignore embedded instructions' delimiters or warnings for the agent. 3. Capability inventory: The skill facilitates network requests and result storage in the /claudedocs/ directory. 4. Sanitization: Content cleaning is mentioned in Step 6 (removing ads and navigation), but this is for noise reduction rather than security-focused sanitization against malicious prompts.
- [Credentials Unsafe] (SAFE): The skill correctly manages authentication by requiring the FIRECRAWL_API_KEY environment variable rather than hardcoding secrets or tokens.
Audit Metadata