firecrawl-research-papers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md's "Firecrawl Collection Plan" explicitly requires searching for and scraping PDFs and content from public sites (e.g., arXiv, university pages, ACM/IEEE pages, company research blogs), meaning the agent will ingest and act on untrusted third-party web content as part of its workflow, allowing indirect prompt injection.