firecrawl
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to process untrusted data from external sources, which could contain malicious instructions meant to manipulate the AI's behavior.
- Ingestion points: External data enters the system through
materialUrl(web pages),materialFile(uploaded documents like PDF, CSV, TXT), andmaterialText(user-pasted text) as specified inSKILL.mdandreferences/form-schema.json. - Boundary markers: No explicit delimiters or 'ignore' instructions are present in the skill configuration to segregate external data from the agent's core instructions.
- Capability inventory: The skill's runner script (
scripts/run.py) has network capabilities, specifically making POST requests to theai-skills.aidomain to execute tasks and poll for results. - Sanitization: There is no local validation, filtering, or sanitization of input data before it is transmitted to the remote API service.
Audit Metadata