firecrawl
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: This skill possesses an attack surface for indirect prompt injection by processing untrusted data from the web.
  - Ingestion points: scripts/search.py, scripts/scrape.py, and scripts/crawl.py fetch external content from api.firecrawl.dev.
  - Boundary markers: The scripts use plain text headers (e.g., =======) to delimit results in the console, which do not provide structural separation for the agent.
  - Capability inventory: The provided Python scripts perform network requests to api.firecrawl.dev using urllib.request.
  - Sanitization: No filtering or sanitization of scraped content is implemented before it is presented to the agent.
- [DATA_EXFILTRATION]: The skill makes network requests to api.firecrawl.dev. These operations are directed to the official domain of the service required for the skill's functionality and do not involve unauthorized access to sensitive local files.
Audit Metadata