firecrawl
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes well-known and reputable libraries, including
@mendable/firecrawl-js,firecrawl-py, andchromadb, for its core functionality of web scraping and data management.- [SAFE]: Sensitive API credentials are appropriately handled via environment variables (process.env.FIRECRAWL_API_KEY) rather than being hardcoded within the skill scripts.- [PROMPT_INJECTION]: The skill processes untrusted content from external websites, creating a surface for indirect prompt injection attacks where malicious data on a scraped page could attempt to influence the agent's behavior. - Ingestion points: Data retrieved through
firecrawl.scrapeUrlandfirecrawl.crawlUrlinSKILL.md. - Boundary markers: None implemented in the provided code examples to isolate scraped data from the LLM prompt context.
- Capability inventory: Includes network access for scraping and vector database ingestion via
chromadb; no arbitrary command execution or local file-system writing capabilities were identified. - Sanitization: No specific content sanitization or filtering logic is present in the provided examples for the scraped markdown data.
Audit Metadata