firecrawl-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted web content, creating an indirect prompt injection surface.
  - Ingestion points: The skill provides multiple methods (Python SDK, Node.js SDK, and direct REST API via `fetch`) to retrieve content from arbitrary external URLs.
  - Boundary markers: The provided code samples do not implement boundary markers or specific delimiters to separate untrusted web content from agent instructions.
  - Capability inventory: The skill includes code snippets for network requests (fetching web data) and file system access (writing scraped content to local markdown files).
  - Sanitization: Basic string replacement is used for filenames in the documentation scraping example, but no sanitization of the scraped content is performed before it is passed to the LLM or written to disk.
- [EXTERNAL_DOWNLOADS]: The skill instructs users to download and install external libraries and references third-party resources.
  - Official SDKs: Recommends installing `firecrawl-py` via pip and `@mendable/firecrawl-js` via npm, which are the official libraries for the Firecrawl service.
  - Third-party reference: Mentions a community-maintained repository, `github.com/G4brym/workers-firecrawl`, as an alternative for Cloudflare Workers integration.
- [COMMAND_EXECUTION]: The skill contains code examples that perform file system operations.
  - File Writing: The 'Documentation Scraping' Python example uses the `open()` function with the `w` (write) mode to save scraped markdown content to a local `docs/` directory. This is consistent with the skill's primary purpose of archiving web content.