firecrawl
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting untrusted web content.
- Ingestion points:
scripts/firecrawl_api.pyandscripts/deepwiki.shretrieve content from external URLs provided at runtime, which is then presented to the AI agent. - Boundary markers: The skill does not implement explicit delimiters (e.g., XML tags or unique markers) or specific system instructions to warn the agent to ignore instructions found within the scraped content.
- Capability inventory: The skill possesses significant capabilities, including performing complex web searches, scraping any URL, and writing data to the local filesystem (via
deepwiki.shor shell redirection). - Sanitization: While
scripts/filter_web_results.pyprovides useful markdown-level filtering (sections, keywords, and truncation), it does not sanitize the text for embedded instructions or malicious prompt segments.
Audit Metadata