firecrawl-2
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'firecrawl' Python package and downloads screenshot images from remote URLs hosted by the Firecrawl service using urllib.request.urlretrieve in the fc.py script.
- [PROMPT_INJECTION]: The skill processes untrusted content from external websites, which presents a surface for indirect prompt injection.
  - Ingestion points: Content is retrieved from the web via the Firecrawl SDK in the fc.py script.
  - Boundary markers: The script structures its output using markdown headers and horizontal rules to separate source URLs and metadata from the content.
  - Capability inventory: The skill has the ability to write files to the local filesystem using user-provided paths and perform network requests via the SDK.
  - Sanitization: The script uses alphanumeric slugging on URLs to generate filenames in the crawl command, which mitigates path traversal risks.
Audit Metadata