firecrawl-research-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to interact with a self-hosted Firecrawl service located at a private network address (172.25.236.1), which maintains data privacy and control within the user's local environment.\n- [EXTERNAL_DOWNLOADS]: The bootstrap documentation guides the user to download official software from the Firecrawl and Caddy GitHub repositories. These are recognized, well-known services necessary for the skill's operation.\n- [PROMPT_INJECTION]: As the skill's primary function involves processing external web content, there is an inherent surface for indirect prompt injection. \n
- Ingestion points: Data scraped from sources like arxiv and Semantic Scholar as described in academic-paper-routing.md.\n
- Boundary markers: Explicit delimiters for untrusted content are not shown in the provided templates.\n
- Capability inventory: The skill utilizes fetch() for network interaction and Bun.write for local file storage.\n
- Sanitization: Content is trimmed to token limits to ensure LLM processing compatibility, but specific instruction filtering is not implemented.
Audit Metadata