firecrawl-interact
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs browser automation by executing the `firecrawl` CLI tool. It allows the agent to pass natural language instructions or code blocks (supporting bash, python, or node) to the browser session via the `interact` command.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx firecrawl`, which downloads the Firecrawl package from the npm registry if it is not already present in the environment.
- [PROMPT_INJECTION]: The skill's primary function involves interacting with content from external web pages (ingestion point: scraped page content), which represents a surface for indirect prompt injection. While the skill possesses significant control over the browser session (capability inventory: `firecrawl interact`), it does not define specific boundary markers or data sanitization routines to isolate untrusted webpage content from agent instructions.
Audit Metadata