firecrawl-qa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to "test a live site" and to "Use Firecrawl browser" and "Use scrape for page content and link extraction," which requires fetching and interpreting arbitrary public website content that may be untrusted or user-generated.