firecrawl-search

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from several sources, which is a standard surface for indirect prompt injection. This is consistent with the skill's primary purpose of analyzing search results and documents.
  • Ingestion points: Data enters the system via materialText, materialFile, and materialUrl as defined in references/form-schema.json.
  • Boundary markers: No specific delimiters are implemented within the skill instructions to separate untrusted data from processing commands.
  • Capability inventory: The skill's primary capability is sending data to the ai-skills.ai API through the scripts/run.py utility; it does not perform local execution of the ingested data.
  • Sanitization: The skill relies on the backend API for input validation and sanitization.
  • [COMMAND_EXECUTION]: The scripts/run.py script is a legitimate utility provided to the user for interacting with the AI Skills API. It uses Python's standard library for network requests and does not execute arbitrary shell commands or process user input in a way that allows for command injection.
  • [EXTERNAL_DOWNLOADS]: The Python runner script optionally imports the well-known certifi package to ensure secure SSL communication. All network requests are made to the vendor's official domain (ai-skills.ai).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:59 AM
Security Audit — agent-trust-hub — firecrawl-search