firecrawl-seo-audit
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by the service provider (Firecrawl) and its behavior aligns with its stated purpose of performing SEO audits using the official Firecrawl infrastructure.
- [SAFE]: Sensitive information is handled securely; the FIRECRAWL_API_KEY is requested as a required user input rather than being hardcoded or stored unsafely within the instructions.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it is designed to process untrusted content from external websites.
- Ingestion points: External web content, including titles, meta descriptions, and headings scraped from user-provided URLs and competitor sites in SKILL.md.
- Boundary markers: Absent. The skill does not define specific delimiters or instructions for the agent to ignore potentially malicious directions embedded in the scraped web data.
- Capability inventory: The skill instructions focus on data extraction and markdown report generation. There are no indications of dangerous capabilities such as arbitrary command execution, file system writes, or unauthorized network access beyond the scraping tool itself.
- Sanitization: Absent. The skill does not explicitly describe any filtering or sanitization of the scraped content before it is included in the final audit deliverable.
Audit Metadata