seo-firecrawl
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation provides commands for the user or agent to execute a local shell script (`./extensions/firecrawl/install.sh`) to install the required extension. Executing local scripts is a standard setup procedure but requires the user to trust the script's source.
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze content from arbitrary external websites via tools like `firecrawl_crawl` and `firecrawl_scrape`. This creates a surface for indirect prompt injection where malicious instructions hidden in scraped HTML or markdown could attempt to influence the agent's behavior.
  - Ingestion points: External data enters the agent context through the outputs of `firecrawl_crawl`, `firecrawl_scrape`, and `firecrawl_search` as described in `SKILL.md`.
  - Boundary markers: None. The instructions do not specify the use of delimiters or 'ignore' instructions for the processed content.
  - Capability inventory: The skill focuses on data retrieval and analysis; no file-writing or subprocess execution capabilities are explicitly defined in this skill's logic, though it interacts with the broader agent environment.
  - Sanitization: None. There is no mention of sanitizing, escaping, or validating the content retrieved from external URLs before it is processed by the agent.
Audit Metadata