firecrawl-scrape

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill correctly implements communication with its official vendor domain at ai-skills.ai. It requires an API key for authentication and does not attempt to exfiltrate data to unauthorized third-party services.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and analyze untrusted content from external URLs and files.
  • Ingestion points: Untrusted data enters the agent context through the materialUrl, materialFile, and materialText fields defined in references/form-schema.json.
  • Boundary markers: The instructions do not provide explicit boundary markers or isolation instructions to prevent the agent from following directions embedded in the external content.
  • Capability inventory: The skill utilizes scripts/run.py to perform network operations against the vendor's API.
  • Sanitization: There is no evidence of input validation or sanitization for the external content before it is processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — firecrawl-scrape