firecrawl-demo-walkthrough

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent it may ask for credentials/constraints for protected areas and to submit credentials if explicitly instructed, which can require embedding secret values verbatim in actions or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to "Use Firecrawl browser to open the product and navigate key flows" and to "snapshot... scrape pages when useful," which requires fetching and interpreting public product webpages (untrusted third-party content) that can materially influence navigation/actions.