firecrawl-scrape
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill correctly implements communication with its official vendor domain at
ai-skills.ai. It requires an API key for authentication and does not attempt to exfiltrate data to unauthorized third-party services. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and analyze untrusted content from external URLs and files.
- Ingestion points: Untrusted data enters the agent context through the
materialUrl,materialFile, andmaterialTextfields defined inreferences/form-schema.json. - Boundary markers: The instructions do not provide explicit boundary markers or isolation instructions to prevent the agent from following directions embedded in the external content.
- Capability inventory: The skill utilizes
scripts/run.pyto perform network operations against the vendor's API. - Sanitization: There is no evidence of input validation or sanitization for the external content before it is processed.
Audit Metadata