firecrawl-self-hosted
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses SSH to run administrative commands on a remote host, including Docker orchestration and service management.
- [EXTERNAL_DOWNLOADS]: The bootstrap guide provides instructions to download the Firecrawl repository and the Caddy binary from GitHub. These sources are recognized as reputable.
- [PROMPT_INJECTION]: The skill's scraping nature introduces an indirect prompt injection surface.
  - Ingestion points: Web data processed by the Bun wrapper script in bootstrap-guide.md.
  - Boundary markers: Absent; data is stored as raw Markdown.
  - Capability inventory: High-level access to the host littleblack via SSH.
  - Sanitization: Absent; the name parameter in the wrapper is also susceptible to path traversal.
Audit Metadata