firecrawl-parse
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the firecrawl and npx firecrawl commands via Bash to extract text from local file formats including PDF, DOCX, and XLSX.
- [EXTERNAL_DOWNLOADS]: The skill utilizes npx to fetch the firecrawl package from the official npm registry, which is a well-known service.
- [PROMPT_INJECTION]: The skill processes untrusted local document content, creating an indirect prompt injection surface as the parsed output is returned to the agent context.
  - Ingestion points: Local file paths (e.g., ./paper.pdf) provided to the firecrawl parse command in SKILL.md.
  - Boundary markers: No explicit delimiters or isolation instructions are defined for the parsed output within the skill logic.
  - Capability inventory: The skill is restricted to Bash execution for the Firecrawl CLI as defined in the allowed-tools frontmatter.
  - Sanitization: Content conversion and sanitization are handled by the external firecrawl utility.
Audit Metadata