firecrawl-qa
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function is to process untrusted content from external websites, creating an indirect prompt injection surface.\n
- Ingestion points: The skill ingests data from live URLs using Firecrawl's mapping, browsing, and scraping tools (defined in SKILL.md).\n
- Boundary markers: There are no explicit instructions or delimiters defined to help the agent distinguish its internal instructions from content found on the scraped websites.\n
- Capability inventory: The agent is empowered to navigate site structures, interact with browser elements (forms, links), and summarize scraped data into reports.\n
- Sanitization: The skill instructions do not specify any sanitization or validation protocols for the external content before it is processed by the agent.
Audit Metadata