
firecrawl

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted web content retrieved via the Firecrawl API, creating a surface for indirect prompt injection.
      • Ingestion points: scripts/scrape.py, scripts/crawl.py, and scripts/search.py fetch data from arbitrary external URLs.
      • Boundary markers: The scripts print retrieved content (markdown/HTML) directly to the output without using clear delimiters to isolate it from the agent's instructions.
      • Capability inventory: The skill uses urllib.request to perform network requests to the Firecrawl API.
      • Sanitization: Content is displayed without sanitization, allowing potential instructions in the scraped data to reach the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 07:37 PM