jp-grants
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the 'firecrawl-py' Python package, which is the official client for the Firecrawl web scraping and search service. This is a well-known service for data extraction.
- [COMMAND_EXECUTION]: The skill includes local Python scripts ('find_candidates.py' and 'extract_programs.py') designed to be executed by the agent to perform search and data extraction tasks using the provided API key.
- [PROMPT_INJECTION]: The skill instructions in 'SKILL.md' contain clear operating rules and workflows to prevent hallucination and maintain focus on official sources. No evidence of bypass or override attempts was detected.
- [DATA_EXFILTRATION]: No unauthorized data access or exfiltration patterns were detected. The scripts handle the 'FIRECRAWL_API_KEY' securely via environment variables and only communicate with official service endpoints.
Audit Metadata