firecrawl
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted content from the web, which serves as a potential vector for indirect prompt injection. Malicious instructions embedded in scraped pages could attempt to influence the agent's logic.
  - Ingestion points: scripts/scrape.py, scripts/crawl.py, and scripts/search.py retrieve data from external URLs via the Firecrawl API.
  - Boundary markers: The scripts do not use explicit delimiters or 'ignore' instructions when presenting scraped markdown or HTML to the agent.
  - Capability inventory: The skill is restricted to making network requests to api.firecrawl.dev and printing results; it does not have file system write access or shell execution capabilities.
  - Sanitization: No filtering or sanitization of the fetched web content is performed before it is passed to the agent.
Audit Metadata