firecrawl
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the `firecrawl-cli` package from the official npm registry and executing it via `npx`. These are standard installation procedures for a well-known web scraping service.
- [SAFE]: Analysis of potential indirect prompt injection vulnerabilities confirms the inclusion of significant safety mitigations:
  - Ingestion points: External content is ingested through the `scrape`, `search`, `map`, and `crawl` commands across `SKILL.md` and referenced rules.
  - Boundary markers: The `rules/security.md` file mandates the use of the `-o` flag to isolate all fetched content within a specific `.firecrawl/` directory, preventing untrusted data from directly entering the primary context window.
  - Capability inventory: The skill uses `Bash` to invoke the Firecrawl CLI, which performs network operations and local filesystem writes limited to the output directory.
  - Sanitization: The documentation explicitly instructs the agent to treat all fetched content as untrusted and ignore any instructions found within the data, effectively preventing indirect prompt injection from influencing agent behavior.
Audit Metadata