seo-firecrawl
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
scripts/google_auth.pyduring its preflight process to determine available Google API tiers and authentication status. - [DATA_EXFILTRATION]: The skill accesses configuration data stored in
~/.config/seo-skills/google-api.jsonto verify API keys and property configurations. This access is limited to the tool's specific configuration directory. - [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface by ingesting and processing untrusted web content via Firecrawl tools.
- Ingestion points: Data enters the context through
mcp__firecrawl-mcp__firecrawl_scrapeandmcp__firecrawl-mcp__firecrawl_crawltool outputs mentioned inSKILL.md. - Boundary markers: Scraped content is parsed and structured into markdown files, but the instructions do not explicitly specify the use of delimiters to segregate untrusted data from agent instructions.
- Capability inventory: The skill environment supports filesystem operations, local script execution (Bash/Python), and network access through MCP tools.
- Sanitization: No explicit sanitization or filtering of scraped content is defined before processing, which is standard for analysis-focused scraping tools.
Audit Metadata