firecrawl-scraper
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The installation command
npx skills add -g BenedictKing/firecrawl-scraperdownloads and executes code from a third-party GitHub repository (BenedictKing) that is not on the trusted source list. This represents a risk of unverified dependency execution. - Indirect Prompt Injection (MEDIUM):
- Ingestion points: The skill performs deep web scraping, crawling, and PDF parsing of untrusted external content (SKILL.md).
- Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are documented for the scraped content.
- Capability inventory: The scraped content is fed back into the agent context, which could influence reasoning or subsequent actions.
- Sanitization: There is no mention of sanitizing or escaping the scraped HTML/PDF content before it is processed by the agent, allowing for potential adversarial manipulation via hidden instructions in processed pages.
Audit Metadata