firecrawl
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the firecrawl-cli package from the official npm registry. This is a standard installation for the tool's intended functionality.
- [REMOTE_CODE_EXECUTION]: The skill uses npx and global npm installations to execute the firecrawl-cli, which interacts with external web services and processes remote data.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external websites. It defines specific ingestion points through the scrape and search commands. To mitigate this risk, it implements boundary markers by directing output to isolated files in the .firecrawl/ directory and instructs the agent to use incremental reading methods like grep or head to avoid full exposure to potentially malicious instructions.
- [COMMAND_EXECUTION]: The skill is permitted to run firecrawl CLI commands via the Bash tool to perform web searching, content extraction, and browser automation.
Audit Metadata