firecrawl
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill interacts with the official Firecrawl API (api.firecrawl.dev), which is a well-known service for web scraping and crawling.
- [SAFE]: Credentials such as FIRECRAWL_TOKEN are managed using environment variables and platform secrets, adhering to security best practices.
- [COMMAND_EXECUTION]: The skill uses curl and jq for API interaction and data parsing, involving standard command-line execution and local file writes for temporary configurations.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its core function of scraping external websites.
  - Ingestion points: Data enters the context from untrusted URLs via Firecrawl's scrape and crawl endpoints.
  - Boundary markers: No delimiters are currently specified to separate untrusted content from the agent's instructions.
  - Capability inventory: The skill uses curl for network access and can write files to the local system.
  - Sanitization: There is no explicit sanitization of the scraped data before processing.
Audit Metadata