firecrawl-parse

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS] [DATA_EXFILTRATION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses firecrawl and npx firecrawl via the Bash tool to process local documents.
  • [EXTERNAL_DOWNLOADS]: Use of npx firecrawl may trigger the download of the Firecrawl CLI from the public NPM registry.
  • [DATA_EXFILTRATION]: Local document content is transmitted to the Firecrawl API for parsing and conversion to markdown. This is the intended purpose of the skill.
  • [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it ingests and processes untrusted external data.
      • Ingestion points: Local files (PDF, DOCX, DOC, ODT, RTF, XLSX, XLS, HTML) are read and converted in SKILL.md.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are used when the agent reads the parsed markdown.
      • Capability inventory: The skill allows file system operations (mkdir) and execution of the firecrawl CLI.
      • Sanitization: No explicit sanitization of extracted text is performed before it is presented to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 11:27 PM