Skills
skills/vm0-ai/vm0-skills/firecrawl/Gen Agent Trust Hub

firecrawl

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches data from the official Firecrawl API (api.firecrawl.dev), which is a well-known service for web scraping.
  • [COMMAND_EXECUTION]: Executes shell commands including curl for API requests, jq for parsing JSON data, and platform-specific diagnostic tools like zero doctor. It also involves local file system operations, such as writing request configuration to /tmp/firecrawl_request.json and saving scraped output to markdown files.
  • [DATA_EXFILTRATION]: Transmits user-provided URLs and natural language instructions (prompts for AI extraction) to the external Firecrawl API. This behavior is inherent to the scraping and data extraction features of the service.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it ingests and processes content from arbitrary external websites that could contain malicious instructions.
  • Ingestion points: Web content retrieved from various domains via the Firecrawl API (SKILL.md).
  • Boundary markers: The instructions do not include specific delimiters or warnings to the agent to prevent it from executing instructions found within the scraped content.
  • Capability inventory: The environment allows network operations via curl and file-writing capabilities (SKILL.md).
  • Sanitization: There are no mechanisms described for sanitizing or filtering the scraped content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 06:33 PM