firecrawl

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to process untrusted data from external sources, which could contain malicious instructions meant to manipulate the AI's behavior.
  • Ingestion points: External data enters the system through materialUrl (web pages), materialFile (uploaded documents like PDF, CSV, TXT), and materialText (user-pasted text) as specified in SKILL.md and references/form-schema.json.
  • Boundary markers: No explicit delimiters or 'ignore' instructions are present in the skill configuration to segregate external data from the agent's core instructions.
  • Capability inventory: The skill's runner script (scripts/run.py) has network capabilities, specifically making POST requests to the ai-skills.ai domain to execute tasks and poll for results.
  • Sanitization: There is no local validation, filtering, or sanitization of input data before it is transmitted to the remote API service.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — firecrawl